diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index ca51e8b72..0b96b4c48 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -5,6 +5,11 @@ from django import forms
from django.db.models import Value, CharField, Q
from django.db.models.functions import Concat, Coalesce
from django.http import HttpResponseRedirect
+from registrar.utility.admin_helpers import (
+ get_action_needed_reason_default_email,
+ get_rejection_reason_default_email,
+ get_field_links_as_list,
+)
from django.conf import settings
from django.shortcuts import redirect
from django_fsm import get_available_FIELD_transitions, FSMField
@@ -20,11 +25,6 @@ from epplibwrapper.errors import ErrorCode, RegistryError
from registrar.models.user_domain_role import UserDomainRole
from waffle.admin import FlagAdmin
from waffle.models import Sample, Switch
-from registrar.utility.admin_helpers import (
- get_all_action_needed_reason_emails,
- get_action_needed_reason_default_email,
- get_field_links_as_list,
-)
from registrar.models import Contact, Domain, DomainRequest, DraftDomain, User, Website, SeniorOfficial
from registrar.utility.constants import BranchChoices
from registrar.utility.errors import FSMDomainRequestError, FSMErrorCodes
@@ -190,11 +190,11 @@ class PortfolioInvitationAdminForm(UserChangeForm):
model = models.PortfolioInvitation
fields = "__all__"
widgets = {
- "portfolio_roles": FilteredSelectMultipleArrayWidget(
- "portfolio_roles", is_stacked=False, choices=UserPortfolioRoleChoices.choices
+ "roles": FilteredSelectMultipleArrayWidget(
+ "roles", is_stacked=False, choices=UserPortfolioRoleChoices.choices
),
- "portfolio_additional_permissions": FilteredSelectMultipleArrayWidget(
- "portfolio_additional_permissions",
+ "additional_permissions": FilteredSelectMultipleArrayWidget(
+ "additional_permissions",
is_stacked=False,
choices=UserPortfolioPermissionChoices.choices,
),
@@ -237,6 +237,7 @@ class DomainRequestAdminForm(forms.ModelForm):
}
labels = {
"action_needed_reason_email": "Email",
+ "rejection_reason_email": "Email",
}
def __init__(self, *args, **kwargs):
@@ -1408,8 +1409,8 @@ class PortfolioInvitationAdmin(ListHeaderAdmin):
list_display = [
"email",
"portfolio",
- "portfolio_roles",
- "portfolio_additional_permissions",
+ "roles",
+ "additional_permissions",
"status",
]
@@ -1750,6 +1751,7 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportModelAdmin):
"status_history",
"status",
"rejection_reason",
+ "rejection_reason_email",
"action_needed_reason",
"action_needed_reason_email",
"investigator",
@@ -1905,25 +1907,11 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportModelAdmin):
# Get the original domain request from the database.
original_obj = models.DomainRequest.objects.get(pk=obj.pk)
- # == Handle action_needed_reason == #
-
- reason_changed = obj.action_needed_reason != original_obj.action_needed_reason
- if reason_changed:
- # Track the fact that we sent out an email
- request.session["action_needed_email_sent"] = True
-
- # Set the action_needed_reason_email to the default if nothing exists.
- # Since this check occurs after save, if the user enters a value then we won't update.
-
- default_email = get_action_needed_reason_default_email(request, obj, obj.action_needed_reason)
- if obj.action_needed_reason_email:
- emails = get_all_action_needed_reason_emails(request, obj)
- is_custom_email = obj.action_needed_reason_email not in emails.values()
- if not is_custom_email:
- obj.action_needed_reason_email = default_email
- else:
- obj.action_needed_reason_email = default_email
+ # == Handle action needed and rejected emails == #
+ # Edge case: this logic is handled by javascript, so contexts outside that must be handled
+ obj = self._handle_custom_emails(obj)
+ # == Handle allowed emails == #
if obj.status in DomainRequest.get_statuses_that_send_emails() and not settings.IS_PRODUCTION:
self._check_for_valid_email(request, obj)
@@ -1939,6 +1927,15 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportModelAdmin):
if should_save:
return super().save_model(request, obj, form, change)
+ def _handle_custom_emails(self, obj):
+ if obj.status == DomainRequest.DomainRequestStatus.ACTION_NEEDED:
+ if obj.action_needed_reason and not obj.action_needed_reason_email:
+ obj.action_needed_reason_email = get_action_needed_reason_default_email(obj, obj.action_needed_reason)
+ elif obj.status == DomainRequest.DomainRequestStatus.REJECTED:
+ if obj.rejection_reason and not obj.rejection_reason_email:
+ obj.rejection_reason_email = get_rejection_reason_default_email(obj, obj.rejection_reason)
+ return obj
+
def _check_for_valid_email(self, request, obj):
"""Certain emails are whitelisted in non-production environments,
so we should display that information using this function.
@@ -1976,18 +1973,30 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportModelAdmin):
# If the status is not mapped properly, saving could cause
# weird issues down the line. Instead, we should block this.
+ # NEEDS A UNIT TEST
should_proceed = False
- return should_proceed
+ return (obj, should_proceed)
- request_is_not_approved = obj.status != models.DomainRequest.DomainRequestStatus.APPROVED
- if request_is_not_approved and not obj.domain_is_not_active():
- # If an admin tried to set an approved domain request to
- # another status and the related domain is already
- # active, shortcut the action and throw a friendly
- # error message. This action would still not go through
- # shortcut or not as the rules are duplicated on the model,
- # but the error would be an ugly Django error screen.
+ obj_is_not_approved = obj.status != models.DomainRequest.DomainRequestStatus.APPROVED
+ if obj_is_not_approved and not obj.domain_is_not_active():
+ # REDUNDANT CHECK / ERROR SCREEN AVOIDANCE:
+ # This action (moving a request from approved to
+ # another status) when the domain is already active (READY),
+ # would still not go through even without this check as the rules are
+ # duplicated in the model and the error is raised from the model.
+ # This avoids an ugly Django error screen.
error_message = "This action is not permitted. The domain is already active."
+ elif (
+ original_obj.status != models.DomainRequest.DomainRequestStatus.APPROVED
+ and obj.status == models.DomainRequest.DomainRequestStatus.APPROVED
+ and original_obj.requested_domain is not None
+ and Domain.objects.filter(name=original_obj.requested_domain.name).exists()
+ ):
+ # REDUNDANT CHECK:
+ # This action (approving a request when the domain exists)
+ # would still not go through even without this check as the rules are
+ # duplicated in the model and the error is raised from the model.
+ error_message = FSMDomainRequestError.get_error_message(FSMErrorCodes.APPROVE_DOMAIN_IN_USE)
elif obj.status == models.DomainRequest.DomainRequestStatus.REJECTED and not obj.rejection_reason:
# This condition should never be triggered.
# The opposite of this condition is acceptable (rejected -> other status and rejection_reason)
@@ -2464,7 +2473,10 @@ class DomainAdmin(ListHeaderAdmin, ImportExportModelAdmin):
generic_org_type.admin_order_field = "domain_info__generic_org_type" # type: ignore
def federal_agency(self, obj):
- return obj.domain_info.federal_agency if obj.domain_info else None
+ if obj.domain_info:
+ return obj.domain_info.federal_agency
+ else:
+ return None
federal_agency.admin_order_field = "domain_info__federal_agency" # type: ignore
diff --git a/src/registrar/assets/js/get-gov-admin.js b/src/registrar/assets/js/get-gov-admin.js
index 73f3dded1..fd50fbb0c 100644
--- a/src/registrar/assets/js/get-gov-admin.js
+++ b/src/registrar/assets/js/get-gov-admin.js
@@ -344,69 +344,6 @@ function initializeWidgetOnList(list, parentId) {
}
}
-/** An IIFE for admin in DjangoAdmin to listen to changes on the domain request
- * status select and to show/hide the rejection reason
-*/
-(function (){
- let rejectionReasonFormGroup = document.querySelector('.field-rejection_reason')
- // This is the "action needed reason" field
- let actionNeededReasonFormGroup = document.querySelector('.field-action_needed_reason');
- // This is the "Email" field
- let actionNeededReasonEmailFormGroup = document.querySelector('.field-action_needed_reason_email')
-
- if (rejectionReasonFormGroup && actionNeededReasonFormGroup && actionNeededReasonEmailFormGroup) {
- let statusSelect = document.getElementById('id_status')
- let isRejected = statusSelect.value == "rejected"
- let isActionNeeded = statusSelect.value == "action needed"
-
- // Initial handling of rejectionReasonFormGroup display
- showOrHideObject(rejectionReasonFormGroup, show=isRejected)
- showOrHideObject(actionNeededReasonFormGroup, show=isActionNeeded)
- showOrHideObject(actionNeededReasonEmailFormGroup, show=isActionNeeded)
-
- // Listen to change events and handle rejectionReasonFormGroup display, then save status to session storage
- statusSelect.addEventListener('change', function() {
- // Show the rejection reason field if the status is rejected.
- // Then track if its shown or hidden in our session cache.
- isRejected = statusSelect.value == "rejected"
- showOrHideObject(rejectionReasonFormGroup, show=isRejected)
- addOrRemoveSessionBoolean("showRejectionReason", add=isRejected)
-
- isActionNeeded = statusSelect.value == "action needed"
- showOrHideObject(actionNeededReasonFormGroup, show=isActionNeeded)
- showOrHideObject(actionNeededReasonEmailFormGroup, show=isActionNeeded)
- addOrRemoveSessionBoolean("showActionNeededReason", add=isActionNeeded)
- });
-
- // Listen to Back/Forward button navigation and handle rejectionReasonFormGroup display based on session storage
-
- // When you navigate using forward/back after changing status but not saving, when you land back on the DA page the
- // status select will say (for example) Rejected but the selected option can be something else. To manage the show/hide
- // accurately for this edge case, we use cache and test for the back/forward navigation.
- const observer = new PerformanceObserver((list) => {
- list.getEntries().forEach((entry) => {
- if (entry.type === "back_forward") {
- let showRejectionReason = sessionStorage.getItem("showRejectionReason") !== null
- showOrHideObject(rejectionReasonFormGroup, show=showRejectionReason)
-
- let showActionNeededReason = sessionStorage.getItem("showActionNeededReason") !== null
- showOrHideObject(actionNeededReasonFormGroup, show=showActionNeededReason)
- showOrHideObject(actionNeededReasonEmailFormGroup, show=isActionNeeded)
- }
- });
- });
- observer.observe({ type: "navigation" });
- }
-
- // Adds or removes the display-none class to object depending on the value of boolean show
- function showOrHideObject(object, show){
- if (show){
- object.classList.remove("display-none");
- }else {
- object.classList.add("display-none");
- }
- }
-})();
/** An IIFE for toggling the submit bar on domain request forms
*/
@@ -501,82 +438,110 @@ function initializeWidgetOnList(list, parentId) {
})();
-/** An IIFE that hooks to the show/hide button underneath action needed reason.
- * This shows the auto generated email on action needed reason.
-*/
-document.addEventListener('DOMContentLoaded', function() {
- const dropdown = document.getElementById("id_action_needed_reason");
- const textarea = document.getElementById("id_action_needed_reason_email")
- const domainRequestId = dropdown ? document.getElementById("domain_request_id").value : null
- const textareaPlaceholder = document.querySelector(".field-action_needed_reason_email__placeholder");
- const directEditButton = document.querySelector('.field-action_needed_reason_email__edit');
- const modalTrigger = document.querySelector('.field-action_needed_reason_email__modal-trigger');
- const modalConfirm = document.getElementById('confirm-edit-email');
- const formLabel = document.querySelector('label[for="id_action_needed_reason_email"]');
- let lastSentEmailContent = document.getElementById("last-sent-email-content");
- const initialDropdownValue = dropdown ? dropdown.value : null;
- const initialEmailValue = textarea.value;
+class CustomizableEmailBase {
+
+ /**
+ * @param {Object} config - must contain the following:
+ * @property {HTMLElement} dropdown - The dropdown element.
+ * @property {HTMLElement} textarea - The textarea element.
+ * @property {HTMLElement} lastSentEmailContent - The last sent email content element.
+ * @property {HTMLElement} textAreaFormGroup - The form group for the textarea.
+ * @property {HTMLElement} dropdownFormGroup - The form group for the dropdown.
+ * @property {HTMLElement} modalConfirm - The confirm button in the modal.
+ * @property {string} apiUrl - The API URL for fetching email content.
+ * @property {string} statusToCheck - The status to check against. Used for show/hide on textAreaFormGroup/dropdownFormGroup.
+ * @property {string} sessionVariableName - The session variable name. Used for show/hide on textAreaFormGroup/dropdownFormGroup.
+ * @property {string} apiErrorMessage - The error message that the ajax call returns.
+ */
+ constructor(config) {
+ this.config = config;
+ this.dropdown = config.dropdown;
+ this.textarea = config.textarea;
+ this.lastSentEmailContent = config.lastSentEmailContent;
+ this.apiUrl = config.apiUrl;
+ this.apiErrorMessage = config.apiErrorMessage;
+ this.modalConfirm = config.modalConfirm;
+
+ // These fields are hidden/shown on pageload depending on the current status
+ this.textAreaFormGroup = config.textAreaFormGroup;
+ this.dropdownFormGroup = config.dropdownFormGroup;
+ this.statusToCheck = config.statusToCheck;
+ this.sessionVariableName = config.sessionVariableName;
+
+ // Non-configurable variables
+ this.statusSelect = document.getElementById("id_status");
+ this.domainRequestId = this.dropdown ? document.getElementById("domain_request_id").value : null
+ this.initialDropdownValue = this.dropdown ? this.dropdown.value : null;
+ this.initialEmailValue = this.textarea ? this.textarea.value : null;
+
+ // Find other fields near the textarea
+ const parentDiv = this.textarea ? this.textarea.closest(".flex-container") : null;
+ this.directEditButton = parentDiv ? parentDiv.querySelector(".edit-email-button") : null;
+ this.modalTrigger = parentDiv ? parentDiv.querySelector(".edit-button-modal-trigger") : null;
+
+ this.textareaPlaceholder = parentDiv ? parentDiv.querySelector(".custom-email-placeholder") : null;
+ this.formLabel = this.textarea ? document.querySelector(`label[for="${this.textarea.id}"]`) : null;
+
+ this.isEmailAlreadySentConst;
+ if (this.lastSentEmailContent && this.textarea) {
+ this.isEmailAlreadySentConst = this.lastSentEmailContent.value.replace(/\s+/g, '') === this.textarea.value.replace(/\s+/g, '');
+ }
- // We will use the const to control the modal
- let isEmailAlreadySentConst = lastSentEmailContent.value.replace(/\s+/g, '') === textarea.value.replace(/\s+/g, '');
- // We will use the function to control the label and help
- function isEmailAlreadySent() {
- return lastSentEmailContent.value.replace(/\s+/g, '') === textarea.value.replace(/\s+/g, '');
}
- if (!dropdown || !textarea || !domainRequestId || !formLabel || !modalConfirm) return;
- const apiUrl = document.getElementById("get-action-needed-email-for-user-json").value;
+ // Handle showing/hiding the related fields on page load.
+ initializeFormGroups() {
+ let isStatus = this.statusSelect.value == this.statusToCheck;
- function updateUserInterface(reason) {
- if (!reason) {
- // No reason selected, we will set the label to "Email", show the "Make a selection" placeholder, hide the trigger, textarea, hide the help text
- formLabel.innerHTML = "Email:";
- textareaPlaceholder.innerHTML = "Select an action needed reason to see email";
- showElement(textareaPlaceholder);
- hideElement(directEditButton);
- hideElement(modalTrigger);
- hideElement(textarea);
- } else if (reason === 'other') {
- // 'Other' selected, we will set the label to "Email", show the "No email will be sent" placeholder, hide the trigger, textarea, hide the help text
- formLabel.innerHTML = "Email:";
- textareaPlaceholder.innerHTML = "No email will be sent";
- showElement(textareaPlaceholder);
- hideElement(directEditButton);
- hideElement(modalTrigger);
- hideElement(textarea);
- } else {
- // A triggering selection is selected, all hands on board:
- textarea.setAttribute('readonly', true);
- showElement(textarea);
- hideElement(textareaPlaceholder);
+ // Initial handling of these groups.
+ this.updateFormGroupVisibility(isStatus);
- if (isEmailAlreadySentConst) {
- hideElement(directEditButton);
- showElement(modalTrigger);
- } else {
- showElement(directEditButton);
- hideElement(modalTrigger);
- }
- if (isEmailAlreadySent()) {
- formLabel.innerHTML = "Email sent to creator:";
- } else {
- formLabel.innerHTML = "Email:";
- }
+ // Listen to change events and handle rejectionReasonFormGroup display, then save status to session storage
+ this.statusSelect.addEventListener('change', () => {
+ // Show the action needed field if the status is what we expect.
+ // Then track if its shown or hidden in our session cache.
+ isStatus = this.statusSelect.value == this.statusToCheck;
+ this.updateFormGroupVisibility(isStatus);
+ addOrRemoveSessionBoolean(this.sessionVariableName, isStatus);
+ });
+
+ // Listen to Back/Forward button navigation and handle rejectionReasonFormGroup display based on session storage
+ // When you navigate using forward/back after changing status but not saving, when you land back on the DA page the
+ // status select will say (for example) Rejected but the selected option can be something else. To manage the show/hide
+ // accurately for this edge case, we use cache and test for the back/forward navigation.
+ const observer = new PerformanceObserver((list) => {
+ list.getEntries().forEach((entry) => {
+ if (entry.type === "back_forward") {
+ let showTextAreaFormGroup = sessionStorage.getItem(this.sessionVariableName) !== null;
+ this.updateFormGroupVisibility(showTextAreaFormGroup);
+ }
+ });
+ });
+ observer.observe({ type: "navigation" });
+ }
+
+ updateFormGroupVisibility(showFormGroups) {
+ if (showFormGroups) {
+ showElement(this.textAreaFormGroup);
+ showElement(this.dropdownFormGroup);
+ }else {
+ hideElement(this.textAreaFormGroup);
+ hideElement(this.dropdownFormGroup);
}
}
- // Initialize UI
- updateUserInterface(dropdown.value);
-
- dropdown.addEventListener("change", function() {
- const reason = dropdown.value;
- // Update the UI
- updateUserInterface(reason);
- if (reason && reason !== "other") {
- // If it's not the initial value
- if (initialDropdownValue !== dropdown.value || initialEmailValue !== textarea.value) {
+ initializeDropdown() {
+ this.dropdown.addEventListener("change", () => {
+ let reason = this.dropdown.value;
+ if (this.initialDropdownValue !== this.dropdown.value || this.initialEmailValue !== this.textarea.value) {
+ let searchParams = new URLSearchParams(
+ {
+ "reason": reason,
+ "domain_request_id": this.domainRequestId,
+ }
+ );
// Replace the email content
- fetch(`${apiUrl}?reason=${reason}&domain_request_id=${domainRequestId}`)
+ fetch(`${this.apiUrl}?${searchParams.toString()}`)
.then(response => {
return response.json().then(data => data);
})
@@ -584,30 +549,213 @@ document.addEventListener('DOMContentLoaded', function() {
if (data.error) {
console.error("Error in AJAX call: " + data.error);
}else {
- textarea.value = data.action_needed_email;
+ this.textarea.value = data.email;
}
- updateUserInterface(reason);
+ this.updateUserInterface(reason);
})
.catch(error => {
- console.error("Error action needed email: ", error)
+ console.error(this.apiErrorMessage, error)
});
}
+ });
+ }
+
+ initializeModalConfirm() {
+ this.modalConfirm.addEventListener("click", () => {
+ this.textarea.removeAttribute('readonly');
+ this.textarea.focus();
+ hideElement(this.directEditButton);
+ hideElement(this.modalTrigger);
+ });
+ }
+
+ initializeDirectEditButton() {
+ this.directEditButton.addEventListener("click", () => {
+ this.textarea.removeAttribute('readonly');
+ this.textarea.focus();
+ hideElement(this.directEditButton);
+ hideElement(this.modalTrigger);
+ });
+ }
+
+ isEmailAlreadySent() {
+ return this.lastSentEmailContent.value.replace(/\s+/g, '') === this.textarea.value.replace(/\s+/g, '');
+ }
+
+ updateUserInterface(reason=this.dropdown.value, excluded_reasons=["other"]) {
+ if (!reason) {
+ // No reason selected, we will set the label to "Email", show the "Make a selection" placeholder, hide the trigger, textarea, hide the help text
+ this.showPlaceholderNoReason();
+ } else if (excluded_reasons.includes(reason)) {
+ // 'Other' selected, we will set the label to "Email", show the "No email will be sent" placeholder, hide the trigger, textarea, hide the help text
+ this.showPlaceholderOtherReason();
+ } else {
+ this.showReadonlyTextarea();
+ }
+ }
+
+ // Helper function that makes overriding the readonly textarea easy
+ showReadonlyTextarea() {
+ // A triggering selection is selected, all hands on board:
+ this.textarea.setAttribute('readonly', true);
+ showElement(this.textarea);
+ hideElement(this.textareaPlaceholder);
+
+ if (this.isEmailAlreadySentConst) {
+ hideElement(this.directEditButton);
+ showElement(this.modalTrigger);
+ } else {
+ showElement(this.directEditButton);
+ hideElement(this.modalTrigger);
}
- });
+ if (this.isEmailAlreadySent()) {
+ this.formLabel.innerHTML = "Email sent to creator:";
+ } else {
+ this.formLabel.innerHTML = "Email:";
+ }
+ }
- modalConfirm.addEventListener("click", () => {
- textarea.removeAttribute('readonly');
- textarea.focus();
- hideElement(directEditButton);
- hideElement(modalTrigger);
- });
- directEditButton.addEventListener("click", () => {
- textarea.removeAttribute('readonly');
- textarea.focus();
- hideElement(directEditButton);
- hideElement(modalTrigger);
- });
+ // Helper function that makes overriding the placeholder reason easy
+ showPlaceholderNoReason() {
+ this.showPlaceholder("Email:", "Select a reason to see email");
+ }
+
+ // Helper function that makes overriding the placeholder reason easy
+ showPlaceholderOtherReason() {
+ this.showPlaceholder("Email:", "No email will be sent");
+ }
+
+ showPlaceholder(formLabelText, placeholderText) {
+ this.formLabel.innerHTML = formLabelText;
+ this.textareaPlaceholder.innerHTML = placeholderText;
+ showElement(this.textareaPlaceholder);
+ hideElement(this.directEditButton);
+ hideElement(this.modalTrigger);
+ hideElement(this.textarea);
+ }
+}
+
+
+
+class customActionNeededEmail extends CustomizableEmailBase {
+ constructor() {
+ const emailConfig = {
+ dropdown: document.getElementById("id_action_needed_reason"),
+ textarea: document.getElementById("id_action_needed_reason_email"),
+ lastSentEmailContent: document.getElementById("last-sent-action-needed-email-content"),
+ modalConfirm: document.getElementById("action-needed-reason__confirm-edit-email"),
+ apiUrl: document.getElementById("get-action-needed-email-for-user-json")?.value || null,
+ textAreaFormGroup: document.querySelector('.field-action_needed_reason'),
+ dropdownFormGroup: document.querySelector('.field-action_needed_reason_email'),
+ statusToCheck: "action needed",
+ sessionVariableName: "showActionNeededReason",
+ apiErrorMessage: "Error when attempting to grab action needed email: "
+ }
+ super(emailConfig);
+ }
+
+ loadActionNeededEmail() {
+ // Hide/show the email fields depending on the current status
+ this.initializeFormGroups();
+ // Setup the textarea, edit button, helper text
+ this.updateUserInterface();
+ this.initializeDropdown();
+ this.initializeModalConfirm();
+ this.initializeDirectEditButton();
+ }
+
+ // Overrides the placeholder text when no reason is selected
+ showPlaceholderNoReason() {
+ this.showPlaceholder("Email:", "Select an action needed reason to see email");
+ }
+
+ // Overrides the placeholder text when the reason other is selected
+ showPlaceholderOtherReason() {
+ this.showPlaceholder("Email:", "No email will be sent");
+ }
+}
+
+/** An IIFE that hooks to the show/hide button underneath action needed reason.
+ * This shows the auto generated email on action needed reason.
+*/
+document.addEventListener('DOMContentLoaded', function() {
+ const domainRequestForm = document.getElementById("domainrequest_form");
+ if (!domainRequestForm) {
+ return;
+ }
+
+ // Initialize UI
+ const customEmail = new customActionNeededEmail();
+
+ // Check that every variable was setup correctly
+ const nullItems = Object.entries(customEmail.config).filter(([key, value]) => value === null).map(([key]) => key);
+ if (nullItems.length > 0) {
+ console.error(`Failed to load customActionNeededEmail(). Some variables were null: ${nullItems.join(", ")}`)
+ return;
+ }
+ customEmail.loadActionNeededEmail()
+});
+
+
+class customRejectedEmail extends CustomizableEmailBase {
+ constructor() {
+ const emailConfig = {
+ dropdown: document.getElementById("id_rejection_reason"),
+ textarea: document.getElementById("id_rejection_reason_email"),
+ lastSentEmailContent: document.getElementById("last-sent-rejection-email-content"),
+ modalConfirm: document.getElementById("rejection-reason__confirm-edit-email"),
+ apiUrl: document.getElementById("get-rejection-email-for-user-json")?.value || null,
+ textAreaFormGroup: document.querySelector('.field-rejection_reason'),
+ dropdownFormGroup: document.querySelector('.field-rejection_reason_email'),
+ statusToCheck: "rejected",
+ sessionVariableName: "showRejectionReason",
+ errorMessage: "Error when attempting to grab rejected email: "
+ };
+ super(emailConfig);
+ }
+
+ loadRejectedEmail() {
+ this.initializeFormGroups();
+ this.updateUserInterface();
+ this.initializeDropdown();
+ this.initializeModalConfirm();
+ this.initializeDirectEditButton();
+ }
+
+ // Overrides the placeholder text when no reason is selected
+ showPlaceholderNoReason() {
+ this.showPlaceholder("Email:", "Select a rejection reason to see email");
+ }
+
+ updateUserInterface(reason=this.dropdown.value, excluded_reasons=[]) {
+ super.updateUserInterface(reason, excluded_reasons);
+ }
+ // Overrides the placeholder text when the reason other is selected
+ // showPlaceholderOtherReason() {
+ // this.showPlaceholder("Email:", "No email will be sent");
+ // }
+}
+
+
+/** An IIFE that hooks to the show/hide button underneath rejected reason.
+ * This shows the auto generated email on action needed reason.
+*/
+document.addEventListener('DOMContentLoaded', function() {
+ const domainRequestForm = document.getElementById("domainrequest_form");
+ if (!domainRequestForm) {
+ return;
+ }
+
+ // Initialize UI
+ const customEmail = new customRejectedEmail();
+ // Check that every variable was setup correctly
+ const nullItems = Object.entries(customEmail.config).filter(([key, value]) => value === null).map(([key]) => key);
+ if (nullItems.length > 0) {
+ console.error(`Failed to load customRejectedEmail(). Some variables were null: ${nullItems.join(", ")}`)
+ return;
+ }
+ customEmail.loadRejectedEmail()
});
@@ -706,18 +854,6 @@ document.addEventListener('DOMContentLoaded', function() {
}
return '';
}
- // Extract the submitter name, title, email, and phone number
- const submitterDiv = document.querySelector('.form-row.field-submitter');
- const submitterNameElement = document.getElementById('id_submitter');
- // We have to account for different superuser and analyst markups
- const submitterName = submitterNameElement
- ? submitterNameElement.options[submitterNameElement.selectedIndex].text
- : submitterDiv.querySelector('a').text;
- const submitterTitle = extractTextById('contact_info_title', submitterDiv);
- const submitterEmail = extractTextById('contact_info_email', submitterDiv);
- const submitterPhone = extractTextById('contact_info_phone', submitterDiv);
- let submitterInfo = `${submitterName}${submitterTitle}${submitterEmail}${submitterPhone}`;
-
//------ Senior Official
const seniorOfficialDiv = document.querySelector('.form-row.field-senior_official');
@@ -734,7 +870,6 @@ document.addEventListener('DOMContentLoaded', function() {
`Current Websites: ${existingWebsites.join(', ')}` +
`Rationale: ` +
`Alternative Domains: ${alternativeDomains.join(', ')}` +
- `Submitter: ${submitterInfo}` +
`Senior Official: ${seniorOfficialInfo}` +
`Other Employees: ${otherContactsSummary}`;
diff --git a/src/registrar/assets/js/get-gov.js b/src/registrar/assets/js/get-gov.js
index 8a07b3f27..8281aa50a 100644
--- a/src/registrar/assets/js/get-gov.js
+++ b/src/registrar/assets/js/get-gov.js
@@ -1880,11 +1880,10 @@ class MembersTable extends LoadTableBase {
* @param {*} sortBy - the sort column option
* @param {*} order - the sort order {asc, desc}
* @param {*} scroll - control for the scrollToElement functionality
- * @param {*} status - control for the status filter
* @param {*} searchTerm - the search term
* @param {*} portfolio - the portfolio id
*/
- loadTable(page, sortBy = this.currentSortBy, order = this.currentOrder, scroll = this.scrollToTable, status = this.currentStatus, searchTerm =this.currentSearchTerm, portfolio = this.portfolioValue) {
+ loadTable(page, sortBy = this.currentSortBy, order = this.currentOrder, scroll = this.scrollToTable, searchTerm =this.currentSearchTerm, portfolio = this.portfolioValue) {
// --------- SEARCH
let searchParams = new URLSearchParams(
@@ -1892,7 +1891,6 @@ class MembersTable extends LoadTableBase {
"page": page,
"sort_by": sortBy,
"order": order,
- "status": status,
"search_term": searchTerm
}
);
@@ -1928,11 +1926,40 @@ class MembersTable extends LoadTableBase {
const memberList = document.querySelector('.members__table tbody');
memberList.innerHTML = '';
+ const invited = 'Invited';
+
data.members.forEach(member => {
- // const actionUrl = domain.action_url;
const member_name = member.name;
- const member_email = member.email;
- const last_active = member.last_active;
+ const member_display = member.member_display;
+ const options = { year: 'numeric', month: 'short', day: 'numeric' };
+
+ // Handle last_active values
+ let last_active = member.last_active;
+ let last_active_formatted = '';
+ let last_active_sort_value = '';
+
+ // Handle 'Invited' or null/empty values differently from valid dates
+ if (last_active && last_active !== invited) {
+ try {
+ // Try to parse the last_active as a valid date
+ last_active = new Date(last_active);
+ if (!isNaN(last_active)) {
+ last_active_formatted = last_active.toLocaleDateString('en-US', options);
+ last_active_sort_value = last_active.getTime(); // For sorting purposes
+ } else {
+ last_active_formatted='Invalid date'
+ }
+ } catch (e) {
+ console.error(`Error parsing date: ${last_active}. Error: ${e}`);
+ last_active_formatted='Invalid date'
+ }
+ } else {
+ // Handle 'Invited' or null
+ last_active = invited;
+ last_active_formatted = invited;
+ last_active_sort_value = invited; // Keep 'Invited' as a sortable string
+ }
+
const action_url = member.action_url;
const action_label = member.action_label;
const svg_icon = member.svg_icon;
@@ -1945,10 +1972,10 @@ class MembersTable extends LoadTableBase {
row.innerHTML = `
- ${member_email ? member_email : member_name} ${admin_tagHTML}
+ ${member_display} ${admin_tagHTML}
-
- ${last_active}
+
+ ${last_active_formatted}
diff --git a/src/registrar/assets/sass/_theme/_admin.scss b/src/registrar/assets/sass/_theme/_admin.scss
index 5cea72c4c..b6bc0d296 100644
--- a/src/registrar/assets/sass/_theme/_admin.scss
+++ b/src/registrar/assets/sass/_theme/_admin.scss
@@ -385,6 +385,7 @@ a.button,
font-kerning: auto;
font-family: inherit;
font-weight: normal;
+ text-decoration: none !important;
}
.button svg,
.button span,
@@ -392,6 +393,9 @@ a.button,
.usa-button--dja span {
vertical-align: middle;
}
+.usa-button--dja.usa-button--unstyled {
+ color: var(--link-fg);
+}
.usa-button--dja:not(.usa-button--unstyled, .usa-button--outline, .usa-modal__close, .usa-button--secondary) {
background: var(--button-bg);
}
@@ -421,11 +425,34 @@ input[type=submit].button--dja-toolbar {
input[type=submit].button--dja-toolbar:focus, input[type=submit].button--dja-toolbar:hover {
border-color: var(--body-quiet-color);
}
-// Targets the DJA buttom with a nested icon
-button .usa-icon,
-.button .usa-icon,
-.button--clipboard .usa-icon {
- vertical-align: middle;
+.admin-icon-group {
+ position: relative;
+ display: inline;
+ align-items: center;
+
+ input {
+ // Allow for padding around the copy button
+ padding-right: 35px !important;
+ }
+
+ button {
+ width: max-content;
+ }
+
+ @media (max-width: 1000px) {
+ button {
+ display: block;
+ }
+ }
+
+ span {
+ padding-left: 0.05rem;
+ }
+
+}
+.usa-button__small-text,
+.usa-button__small-text span {
+ font-size: 13px;
}
.module--custom {
@@ -673,71 +700,10 @@ address.dja-address-contact-list {
}
}
-// Make the clipboard button "float" inside of the input box
-.admin-icon-group {
- position: relative;
- display: inline;
- align-items: center;
-
- input {
- // Allow for padding around the copy button
- padding-right: 35px !important;
- // Match the height of other inputs
- min-height: 2.25rem !important;
- }
-
- button {
- line-height: 14px;
- width: max-content;
- font-size: unset;
- text-decoration: none !important;
- }
-
- @media (max-width: 1000px) {
- button {
- display: block;
- padding-top: 8px;
- }
- }
-
- span {
- padding-left: 0.1rem;
- }
-
-}
-
-.admin-icon-group.admin-icon-group__clipboard-link {
- position: relative;
- display: inline;
- align-items: center;
-
-
- .usa-button--icon {
- position: absolute;
- right: auto;
- left: 4px;
- height: 100%;
- top: -1px;
- }
- button {
- font-size: unset !important;
- display: inline-flex;
- padding-top: 4px;
- line-height: 14px;
- width: max-content;
- font-size: unset;
- text-decoration: none !important;
- }
-}
-
.no-outline-on-click:focus {
outline: none !important;
}
-.usa-button__small-text {
- font-size: small;
-}
-
// Get rid of padding on all help texts
form .aligned p.help, form .aligned div.help {
padding-left: 0px !important;
@@ -887,6 +853,9 @@ div.dja__model-description{
padding-top: 0 !important;
}
+.padding-bottom-0 {
+ padding-bottom: 0 !important;
+}
.flex-container {
@media screen and (min-width: 700px) and (max-width: 1150px) {
diff --git a/src/registrar/assets/sass/_theme/_buttons.scss b/src/registrar/assets/sass/_theme/_buttons.scss
index 2e4469e12..ff5ffb386 100644
--- a/src/registrar/assets/sass/_theme/_buttons.scss
+++ b/src/registrar/assets/sass/_theme/_buttons.scss
@@ -254,6 +254,7 @@ a .usa-icon,
// Note: Can be simplified by adding text-secondary to delete anchors in tables
button.text-secondary,
button.text-secondary:hover,
-.dotgov-table a.text-secondary {
+a.text-secondary,
+a.text-secondary:hover {
color: $theme-color-error;
}
diff --git a/src/registrar/config/urls.py b/src/registrar/config/urls.py
index 436ca3ae0..ee923aac6 100644
--- a/src/registrar/config/urls.py
+++ b/src/registrar/config/urls.py
@@ -31,9 +31,10 @@ from registrar.views.utility.api_views import (
get_senior_official_from_federal_agency_json,
get_federal_and_portfolio_types_from_federal_agency_json,
get_action_needed_email_for_user_json,
+ get_rejection_email_for_user_json,
)
-from registrar.views.domain_request import Step
+from registrar.views.domain_request import Step, PortfolioDomainRequestStep
from registrar.views.transfer_user import TransferUserView
from registrar.views.utility import always_404
from api.views import available, rdap, get_current_federal, get_current_full
@@ -61,6 +62,9 @@ for step, view in [
(Step.ADDITIONAL_DETAILS, views.AdditionalDetails),
(Step.REQUIREMENTS, views.Requirements),
(Step.REVIEW, views.Review),
+ # Portfolio steps
+ (PortfolioDomainRequestStep.REQUESTING_ENTITY, views.RequestingEntity),
+ (PortfolioDomainRequestStep.ADDITIONAL_DETAILS, views.PortfolioAdditionalDetails),
]:
domain_request_urls.append(path(f"{step}/", view.as_view(), name=step))
@@ -82,6 +86,26 @@ urlpatterns = [
views.PortfolioMembersView.as_view(),
name="members",
),
+ path(
+ "member/",
+ views.PortfolioMemberView.as_view(),
+ name="member",
+ ),
+ path(
+ "member//permissions",
+ views.PortfolioMemberEditView.as_view(),
+ name="member-permissions",
+ ),
+ path(
+ "invitedmember/",
+ views.PortfolioInvitedMemberView.as_view(),
+ name="invitedmember",
+ ),
+ path(
+ "invitedmember//permissions",
+ views.PortfolioInvitedMemberEditView.as_view(),
+ name="invitedmember-permissions",
+ ),
# path(
# "no-organization-members/",
# views.PortfolioNoMembersView.as_view(),
@@ -172,6 +196,11 @@ urlpatterns = [
get_action_needed_email_for_user_json,
name="get-action-needed-email-for-user-json",
),
+ path(
+ "admin/api/get-rejection-email-for-user-json/",
+ get_rejection_email_for_user_json,
+ name="get-rejection-email-for-user-json",
+ ),
path("admin/", admin.site.urls),
path(
"reports/export_data_type_user/",
@@ -184,7 +213,12 @@ urlpatterns = [
name="export_data_type_requests",
),
path(
- "domain-request//edit/",
+ "reports/export_data_type_requests/",
+ ExportDataTypeRequests.as_view(),
+ name="export_data_type_requests",
+ ),
+ path(
+ "domain-request//edit/",
views.DomainRequestWizard.as_view(),
name=views.DomainRequestWizard.EDIT_URL_NAME,
),
diff --git a/src/registrar/fixtures/fixtures_user_portfolio_permissions.py b/src/registrar/fixtures/fixtures_user_portfolio_permissions.py
index 6b6e137cd..22d6a0c0e 100644
--- a/src/registrar/fixtures/fixtures_user_portfolio_permissions.py
+++ b/src/registrar/fixtures/fixtures_user_portfolio_permissions.py
@@ -8,7 +8,7 @@ from registrar.fixtures.fixtures_users import UserFixture
from registrar.models import User
from registrar.models.portfolio import Portfolio
from registrar.models.user_portfolio_permission import UserPortfolioPermission
-from registrar.models.utility.portfolio_helper import UserPortfolioRoleChoices
+from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
fake = Faker()
logger = logging.getLogger(__name__)
@@ -60,6 +60,7 @@ class UserPortfolioPermissionFixture:
user=user,
portfolio=portfolio,
roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
+ additional_permissions=[UserPortfolioPermissionChoices.EDIT_MEMBERS],
)
user_portfolio_permissions_to_create.append(user_portfolio_permission)
else:
diff --git a/src/registrar/forms/__init__.py b/src/registrar/forms/__init__.py
index 033e955ed..121e2b3f7 100644
--- a/src/registrar/forms/__init__.py
+++ b/src/registrar/forms/__init__.py
@@ -13,4 +13,5 @@ from .domain import (
)
from .portfolio import (
PortfolioOrgAddressForm,
+ PortfolioMemberForm,
)
diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index 84fcbe973..b43d91a58 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -4,7 +4,7 @@ import logging
from django import forms
from django.core.validators import MinValueValidator, MaxValueValidator, RegexValidator, MaxLengthValidator
from django.forms import formset_factory
-from registrar.models import DomainRequest
+from registrar.models import DomainRequest, FederalAgency
from phonenumber_field.widgets import RegionalPhoneNumberWidget
from registrar.models.suborganization import Suborganization
from registrar.models.utility.domain_helper import DomainHelper
@@ -35,7 +35,10 @@ class DomainAddUserForm(forms.Form):
email = forms.EmailField(
label="Email",
max_length=None,
- error_messages={"invalid": ("Enter your email address in the required format, like name@example.com.")},
+ error_messages={
+ "invalid": ("Enter an email address in the required format, like name@example.com."),
+ "required": ("Enter an email address in the required format, like name@example.com."),
+ },
validators=[
MaxLengthValidator(
320,
@@ -285,7 +288,7 @@ class UserForm(forms.ModelForm):
"required": "Enter your title or role in your organization (e.g., Chief Information Officer)"
}
self.fields["email"].error_messages = {
- "required": "Enter your email address in the required format, like name@example.com."
+ "required": "Enter an email address in the required format, like name@example.com."
}
self.fields["phone"].error_messages["required"] = "Enter your phone number."
self.domainInfo = None
@@ -342,7 +345,7 @@ class ContactForm(forms.ModelForm):
"required": "Enter your title or role in your organization (e.g., Chief Information Officer)"
}
self.fields["email"].error_messages = {
- "required": "Enter your email address in the required format, like name@example.com."
+ "required": "Enter an email address in the required format, like name@example.com."
}
self.fields["phone"].error_messages["required"] = "Enter your phone number."
self.domainInfo = None
@@ -458,9 +461,12 @@ class DomainOrgNameAddressForm(forms.ModelForm):
validators=[
RegexValidator(
"^[0-9]{5}(?:-[0-9]{4})?$|^$",
- message="Enter a zip code in the required format, like 12345 or 12345-6789.",
+ message="Enter a 5-digit or 9-digit zip code, like 12345 or 12345-6789.",
)
],
+ error_messages={
+ "required": "Enter a 5-digit or 9-digit zip code, like 12345 or 12345-6789.",
+ },
)
class Meta:
@@ -529,17 +535,25 @@ class DomainOrgNameAddressForm(forms.ModelForm):
def save(self, commit=True):
"""Override the save() method of the BaseModelForm."""
+
if self.has_changed():
# This action should be blocked by the UI, as the text fields are readonly.
# If they get past this point, we forbid it this way.
# This could be malicious, so lets reserve information for the backend only.
- if self.is_federal and not self._field_unchanged("federal_agency"):
- raise ValueError("federal_agency cannot be modified when the generic_org_type is federal")
+
+ if self.is_federal:
+ if not self._field_unchanged("federal_agency"):
+ raise ValueError("federal_agency cannot be modified when the generic_org_type is federal")
+
elif self.is_tribal and not self._field_unchanged("organization_name"):
raise ValueError("organization_name cannot be modified when the generic_org_type is tribal")
- super().save()
+ else: # If this error that means Non-Federal Agency is missing
+ non_federal_agency_instance = FederalAgency.get_non_federal_agency()
+ self.instance.federal_agency = non_federal_agency_instance
+
+ return super().save(commit=commit)
def _field_unchanged(self, field_name) -> bool:
"""
diff --git a/src/registrar/forms/domain_request_wizard.py b/src/registrar/forms/domain_request_wizard.py
index f2fdd32bc..f8ac85140 100644
--- a/src/registrar/forms/domain_request_wizard.py
+++ b/src/registrar/forms/domain_request_wizard.py
@@ -21,6 +21,13 @@ from registrar.utility.constants import BranchChoices
logger = logging.getLogger(__name__)
+class RequestingEntityForm(RegistrarForm):
+ organization_name = forms.CharField(
+ label="Organization name",
+ error_messages={"required": "Enter the name of your organization."},
+ )
+
+
class OrganizationTypeForm(RegistrarForm):
generic_org_type = forms.ChoiceField(
# use the long names in the domain request form
@@ -137,10 +144,10 @@ class OrganizationContactForm(RegistrarForm):
validators=[
RegexValidator(
"^[0-9]{5}(?:-[0-9]{4})?$|^$",
- message="Enter a zip code in the form of 12345 or 12345-6789.",
+ message="Enter a 5-digit or 9-digit zip code, like 12345 or 12345-6789.",
)
],
- error_messages={"required": ("Enter a zip code in the form of 12345 or 12345-6789.")},
+ error_messages={"required": ("Enter a 5-digit or 9-digit zip code, like 12345 or 12345-6789.")},
)
urbanization = forms.CharField(
required=False,
@@ -226,7 +233,10 @@ class SeniorOfficialForm(RegistrarForm):
email = forms.EmailField(
label="Email",
max_length=None,
- error_messages={"invalid": ("Enter an email address in the required format, like name@example.com.")},
+ error_messages={
+ "invalid": ("Enter an email address in the required format, like name@example.com."),
+ "required": ("Enter an email address in the required format, like name@example.com."),
+ },
validators=[
MaxLengthValidator(
320,
@@ -603,7 +613,8 @@ class CisaRepresentativeForm(BaseDeletableRegistrarForm):
max_length=None,
required=False,
error_messages={
- "invalid": ("Enter your representative’s email address in the required format, like name@example.com."),
+ "invalid": ("Enter an email address in the required format, like name@example.com."),
+ "required": ("Enter an email address in the required format, like name@example.com."),
},
validators=[
MaxLengthValidator(
diff --git a/src/registrar/forms/portfolio.py b/src/registrar/forms/portfolio.py
index 14a45f6ae..7c8d2f171 100644
--- a/src/registrar/forms/portfolio.py
+++ b/src/registrar/forms/portfolio.py
@@ -4,7 +4,14 @@ import logging
from django import forms
from django.core.validators import RegexValidator
-from ..models import DomainInformation, Portfolio, SeniorOfficial
+from registrar.models import (
+ PortfolioInvitation,
+ UserPortfolioPermission,
+ DomainInformation,
+ Portfolio,
+ SeniorOfficial,
+)
+from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
logger = logging.getLogger(__name__)
@@ -17,9 +24,12 @@ class PortfolioOrgAddressForm(forms.ModelForm):
validators=[
RegexValidator(
"^[0-9]{5}(?:-[0-9]{4})?$|^$",
- message="Enter a zip code in the required format, like 12345 or 12345-6789.",
+ message="Enter a 5-digit or 9-digit zip code, like 12345 or 12345-6789.",
)
],
+ error_messages={
+ "required": "Enter a 5-digit or 9-digit zip code, like 12345 or 12345-6789.",
+ },
)
class Meta:
@@ -38,6 +48,7 @@ class PortfolioOrgAddressForm(forms.ModelForm):
"state_territory": {
"required": "Select the state, territory, or military post where your organization is located."
},
+ "zipcode": {"required": "Enter a 5-digit or 9-digit zip code, like 12345 or 12345-6789."},
}
widgets = {
# We need to set the required attributed for State/territory
@@ -95,3 +106,57 @@ class PortfolioSeniorOfficialForm(forms.ModelForm):
cleaned_data = super().clean()
cleaned_data.pop("full_name", None)
return cleaned_data
+
+
+class PortfolioMemberForm(forms.ModelForm):
+ """
+ Form for updating a portfolio member.
+ """
+
+ roles = forms.MultipleChoiceField(
+ choices=UserPortfolioRoleChoices.choices,
+ widget=forms.SelectMultiple(attrs={"class": "usa-select"}),
+ required=False,
+ label="Roles",
+ )
+
+ additional_permissions = forms.MultipleChoiceField(
+ choices=UserPortfolioPermissionChoices.choices,
+ widget=forms.SelectMultiple(attrs={"class": "usa-select"}),
+ required=False,
+ label="Additional Permissions",
+ )
+
+ class Meta:
+ model = UserPortfolioPermission
+ fields = [
+ "roles",
+ "additional_permissions",
+ ]
+
+
+class PortfolioInvitedMemberForm(forms.ModelForm):
+ """
+ Form for updating a portfolio invited member.
+ """
+
+ roles = forms.MultipleChoiceField(
+ choices=UserPortfolioRoleChoices.choices,
+ widget=forms.SelectMultiple(attrs={"class": "usa-select"}),
+ required=False,
+ label="Roles",
+ )
+
+ additional_permissions = forms.MultipleChoiceField(
+ choices=UserPortfolioPermissionChoices.choices,
+ widget=forms.SelectMultiple(attrs={"class": "usa-select"}),
+ required=False,
+ label="Additional Permissions",
+ )
+
+ class Meta:
+ model = PortfolioInvitation
+ fields = [
+ "roles",
+ "additional_permissions",
+ ]
diff --git a/src/registrar/forms/user_profile.py b/src/registrar/forms/user_profile.py
index 2a6ed4a47..8d8e2973d 100644
--- a/src/registrar/forms/user_profile.py
+++ b/src/registrar/forms/user_profile.py
@@ -58,7 +58,7 @@ class UserProfileForm(forms.ModelForm):
"required": "Enter your title or role in your organization (e.g., Chief Information Officer)"
}
self.fields["email"].error_messages = {
- "required": "Enter your email address in the required format, like name@example.com."
+ "required": "Enter an email address in the required format, like name@example.com."
}
self.fields["phone"].error_messages["required"] = "Enter your phone number."
diff --git a/src/registrar/forms/utility/wizard_form_helper.py b/src/registrar/forms/utility/wizard_form_helper.py
index ba3c37e1e..eedf5839b 100644
--- a/src/registrar/forms/utility/wizard_form_helper.py
+++ b/src/registrar/forms/utility/wizard_form_helper.py
@@ -279,11 +279,11 @@ class BaseYesNoForm(RegistrarForm):
return initial_value
-def request_step_list(request_wizard):
+def request_step_list(request_wizard, step_enum):
"""Dynamically generated list of steps in the form wizard."""
step_list = []
- for step in request_wizard.StepEnum:
- condition = request_wizard.WIZARD_CONDITIONS.get(step, True)
+ for step in step_enum:
+ condition = request_wizard.wizard_conditions.get(step, True)
if callable(condition):
condition = condition(request_wizard)
if condition:
diff --git a/src/registrar/migrations/0133_domainrequest_rejection_reason_email_and_more.py b/src/registrar/migrations/0133_domainrequest_rejection_reason_email_and_more.py
new file mode 100644
index 000000000..383c3ebfa
--- /dev/null
+++ b/src/registrar/migrations/0133_domainrequest_rejection_reason_email_and_more.py
@@ -0,0 +1,35 @@
+# Generated by Django 4.2.10 on 2024-10-08 18:52
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ("registrar", "0132_alter_domaininformation_portfolio_and_more"),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name="domainrequest",
+ name="rejection_reason_email",
+ field=models.TextField(blank=True, null=True),
+ ),
+ migrations.AlterField(
+ model_name="domainrequest",
+ name="rejection_reason",
+ field=models.TextField(
+ blank=True,
+ choices=[
+ ("domain_purpose", "Purpose requirements not met"),
+ ("requestor_not_eligible", "Requestor not eligible to make request"),
+ ("org_has_domain", "Org already has a .gov domain"),
+ ("contacts_not_verified", "Org contacts couldn't be verified"),
+ ("org_not_eligible", "Org not eligible for a .gov domain"),
+ ("naming_requirements", "Naming requirements not met"),
+ ("other", "Other/Unspecified"),
+ ],
+ null=True,
+ ),
+ ),
+ ]
diff --git a/src/registrar/migrations/0134_rename_portfolio_additional_permissions_portfolioinvitation_additional_permissions_and_more.py b/src/registrar/migrations/0134_rename_portfolio_additional_permissions_portfolioinvitation_additional_permissions_and_more.py
new file mode 100644
index 000000000..9a24438df
--- /dev/null
+++ b/src/registrar/migrations/0134_rename_portfolio_additional_permissions_portfolioinvitation_additional_permissions_and_more.py
@@ -0,0 +1,23 @@
+# Generated by Django 4.2.10 on 2024-10-11 19:58
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ("registrar", "0133_domainrequest_rejection_reason_email_and_more"),
+ ]
+
+ operations = [
+ migrations.RenameField(
+ model_name="portfolioinvitation",
+ old_name="portfolio_additional_permissions",
+ new_name="additional_permissions",
+ ),
+ migrations.RenameField(
+ model_name="portfolioinvitation",
+ old_name="portfolio_roles",
+ new_name="roles",
+ ),
+ ]
diff --git a/src/registrar/models/domain_request.py b/src/registrar/models/domain_request.py
index 79bc223e9..b9e3315d5 100644
--- a/src/registrar/models/domain_request.py
+++ b/src/registrar/models/domain_request.py
@@ -254,18 +254,18 @@ class DomainRequest(TimeStampedModel):
)
class RejectionReasons(models.TextChoices):
- DOMAIN_PURPOSE = "purpose_not_met", "Purpose requirements not met"
- REQUESTOR = "requestor_not_eligible", "Requestor not eligible to make request"
- SECOND_DOMAIN_REASONING = (
+ DOMAIN_PURPOSE = "domain_purpose", "Purpose requirements not met"
+ REQUESTOR_NOT_ELIGIBLE = "requestor_not_eligible", "Requestor not eligible to make request"
+ ORG_HAS_DOMAIN = (
"org_has_domain",
"Org already has a .gov domain",
)
- CONTACTS_OR_ORGANIZATION_LEGITIMACY = (
+ CONTACTS_NOT_VERIFIED = (
"contacts_not_verified",
"Org contacts couldn't be verified",
)
- ORGANIZATION_ELIGIBILITY = "org_not_eligible", "Org not eligible for a .gov domain"
- NAMING_REQUIREMENTS = "naming_not_met", "Naming requirements not met"
+ ORG_NOT_ELIGIBLE = "org_not_eligible", "Org not eligible for a .gov domain"
+ NAMING_REQUIREMENTS = "naming_requirements", "Naming requirements not met"
OTHER = "other", "Other/Unspecified"
@classmethod
@@ -300,6 +300,11 @@ class DomainRequest(TimeStampedModel):
blank=True,
)
+ rejection_reason_email = models.TextField(
+ null=True,
+ blank=True,
+ )
+
action_needed_reason = models.TextField(
choices=ActionNeededReasons.choices,
null=True,
@@ -635,15 +640,16 @@ class DomainRequest(TimeStampedModel):
# Actually updates the organization_type field
org_type_helper.create_or_update_organization_type()
- def _cache_status_and_action_needed_reason(self):
+ def _cache_status_and_status_reasons(self):
"""Maintains a cache of properties so we can avoid a DB call"""
self._cached_action_needed_reason = self.action_needed_reason
+ self._cached_rejection_reason = self.rejection_reason
self._cached_status = self.status
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
# Store original values for caching purposes. Used to compare them on save.
- self._cache_status_and_action_needed_reason()
+ self._cache_status_and_status_reasons()
def save(self, *args, **kwargs):
"""Save override for custom properties"""
@@ -655,23 +661,63 @@ class DomainRequest(TimeStampedModel):
super().save(*args, **kwargs)
- # Handle the action needed email.
- # An email is sent out when action_needed_reason is changed or added.
- if self.action_needed_reason and self.status == self.DomainRequestStatus.ACTION_NEEDED:
- self.sync_action_needed_reason()
+ # Handle custom status emails.
+ # An email is sent out when a, for example, action_needed_reason is changed or added.
+ statuses_that_send_custom_emails = [self.DomainRequestStatus.ACTION_NEEDED, self.DomainRequestStatus.REJECTED]
+ if self.status in statuses_that_send_custom_emails:
+ self.send_custom_status_update_email(self.status)
# Update the cached values after saving
- self._cache_status_and_action_needed_reason()
+ self._cache_status_and_status_reasons()
- def sync_action_needed_reason(self):
- """Checks if we need to send another action needed email"""
- was_already_action_needed = self._cached_status == self.DomainRequestStatus.ACTION_NEEDED
- reason_exists = self._cached_action_needed_reason is not None and self.action_needed_reason is not None
- reason_changed = self._cached_action_needed_reason != self.action_needed_reason
- if was_already_action_needed and reason_exists and reason_changed:
- # We don't send emails out in state "other"
- if self.action_needed_reason != self.ActionNeededReasons.OTHER:
- self._send_action_needed_reason_email(email_content=self.action_needed_reason_email)
+ def send_custom_status_update_email(self, status):
+ """Helper function to send out a second status email when the status remains the same,
+ but the reason has changed."""
+
+ # Currently, we store all this information in three variables.
+ # When adding new reasons, this can be a lot to manage so we store it here
+ # in a centralized location. However, this may need to change if this scales.
+ status_information = {
+ self.DomainRequestStatus.ACTION_NEEDED: {
+ "cached_reason": self._cached_action_needed_reason,
+ "reason": self.action_needed_reason,
+ "email": self.action_needed_reason_email,
+ "excluded_reasons": [DomainRequest.ActionNeededReasons.OTHER],
+ "wrap_email": True,
+ },
+ self.DomainRequestStatus.REJECTED: {
+ "cached_reason": self._cached_rejection_reason,
+ "reason": self.rejection_reason,
+ "email": self.rejection_reason_email,
+ "excluded_reasons": [],
+ # "excluded_reasons": [DomainRequest.RejectionReasons.OTHER],
+ "wrap_email": False,
+ },
+ }
+ status_info = status_information.get(status)
+
+ # Don't send an email if there is nothing to send.
+ if status_info.get("email") is None:
+ logger.warning("send_custom_status_update_email() => Tried sending an empty email.")
+ return
+
+ # We should never send an email if no reason was specified.
+ # Additionally, Don't send out emails for reasons that shouldn't send them.
+ if status_info.get("reason") is None or status_info.get("reason") in status_info.get("excluded_reasons"):
+ logger.warning("send_custom_status_update_email() => Tried sending a status email without a reason.")
+ return
+
+ # Only send out an email if the underlying reason itself changed or if no email was sent previously.
+ if status_info.get("cached_reason") != status_info.get("reason") or status_info.get("cached_reason") is None:
+ bcc_address = settings.DEFAULT_FROM_EMAIL if settings.IS_PRODUCTION else ""
+ self._send_status_update_email(
+ new_status=status,
+ email_template="emails/includes/custom_email.txt",
+ email_template_subject="emails/status_change_subject.txt",
+ bcc_address=bcc_address,
+ custom_email_content=status_info.get("email"),
+ wrap_email=status_information.get("wrap_email"),
+ )
def sync_yes_no_form_fields(self):
"""Some yes/no forms use a db field to track whether it was checked or not.
@@ -901,7 +947,7 @@ class DomainRequest(TimeStampedModel):
target=DomainRequestStatus.ACTION_NEEDED,
conditions=[domain_is_not_active, investigator_exists_and_is_staff],
)
- def action_needed(self, send_email=True):
+ def action_needed(self):
"""Send back an domain request that is under investigation or rejected.
This action is logged.
@@ -909,43 +955,23 @@ class DomainRequest(TimeStampedModel):
This action cleans up the rejection status if moving away from rejected.
As side effects this will delete the domain and domain_information
- (will cascade) when they exist."""
+ (will cascade) when they exist.
+
+ Afterwards, we send out an email for action_needed in def save().
+ See the function send_custom_status_update_email.
+ """
if self.status == self.DomainRequestStatus.APPROVED:
- self.delete_and_clean_up_domain("reject_with_prejudice")
+ self.delete_and_clean_up_domain("action_needed")
elif self.status == self.DomainRequestStatus.REJECTED:
self.rejection_reason = None
+ # Check if the tuple is setup correctly, then grab its value.
+
literal = DomainRequest.DomainRequestStatus.ACTION_NEEDED
- # Check if the tuple is setup correctly, then grab its value
action_needed = literal if literal is not None else "Action Needed"
logger.info(f"A status change occurred. {self} was changed to '{action_needed}'")
- # Send out an email if an action needed reason exists
- if self.action_needed_reason and self.action_needed_reason != self.ActionNeededReasons.OTHER:
- email_content = self.action_needed_reason_email
- self._send_action_needed_reason_email(send_email, email_content)
-
- def _send_action_needed_reason_email(self, send_email=True, email_content=None):
- """Sends out an automatic email for each valid action needed reason provided"""
-
- email_template_name = "custom_email.txt"
- email_template_subject_name = f"{self.action_needed_reason}_subject.txt"
-
- bcc_address = ""
- if settings.IS_PRODUCTION:
- bcc_address = settings.DEFAULT_FROM_EMAIL
-
- self._send_status_update_email(
- new_status="action needed",
- email_template=f"emails/action_needed_reasons/{email_template_name}",
- email_template_subject=f"emails/action_needed_reasons/{email_template_subject_name}",
- send_email=send_email,
- bcc_address=bcc_address,
- custom_email_content=email_content,
- wrap_email=True,
- )
-
@transition(
field="status",
source=[
@@ -1039,18 +1065,20 @@ class DomainRequest(TimeStampedModel):
def reject(self):
"""Reject an domain request that has been submitted.
+ This action is logged.
+
+ This action cleans up the action needed status if moving away from action needed.
+
As side effects this will delete the domain and domain_information
- (will cascade), and send an email notification."""
+ (will cascade) when they exist.
+
+ Afterwards, we send out an email for reject in def save().
+ See the function send_custom_status_update_email.
+ """
if self.status == self.DomainRequestStatus.APPROVED:
self.delete_and_clean_up_domain("reject")
- self._send_status_update_email(
- "action needed",
- "emails/status_change_rejected.txt",
- "emails/status_change_rejected_subject.txt",
- )
-
@transition(
field="status",
source=[
diff --git a/src/registrar/models/portfolio_invitation.py b/src/registrar/models/portfolio_invitation.py
index 46d7bf124..b1f22ae83 100644
--- a/src/registrar/models/portfolio_invitation.py
+++ b/src/registrar/models/portfolio_invitation.py
@@ -4,6 +4,7 @@ import logging
from django.contrib.auth import get_user_model
from django.db import models
from django_fsm import FSMField, transition
+from registrar.models.domain_invitation import DomainInvitation
from registrar.models.user_portfolio_permission import UserPortfolioPermission
from .utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices # type: ignore
from .utility.time_stamped_model import TimeStampedModel
@@ -38,7 +39,7 @@ class PortfolioInvitation(TimeStampedModel):
related_name="portfolios",
)
- portfolio_roles = ArrayField(
+ roles = ArrayField(
models.CharField(
max_length=50,
choices=UserPortfolioRoleChoices.choices,
@@ -48,7 +49,7 @@ class PortfolioInvitation(TimeStampedModel):
help_text="Select one or more roles.",
)
- portfolio_additional_permissions = ArrayField(
+ additional_permissions = ArrayField(
models.CharField(
max_length=50,
choices=UserPortfolioPermissionChoices.choices,
@@ -67,6 +68,31 @@ class PortfolioInvitation(TimeStampedModel):
def __str__(self):
return f"Invitation for {self.email} on {self.portfolio} is {self.status}"
+ def get_managed_domains_count(self):
+ """Return the count of domain invitations managed by the invited user for this portfolio."""
+ # Filter the UserDomainRole model to get domains where the user has a manager role
+ managed_domains = DomainInvitation.objects.filter(
+ email=self.email, domain__domain_info__portfolio=self.portfolio
+ ).count()
+ return managed_domains
+
+ def get_portfolio_permissions(self):
+ """
+ Retrieve the permissions for the user's portfolio roles from the invite.
+ This is similar logic to _get_portfolio_permissions in user_portfolio_permission
+ """
+ # Use a set to avoid duplicate permissions
+ portfolio_permissions = set()
+
+ if self.roles:
+ for role in self.roles:
+ portfolio_permissions.update(UserPortfolioPermission.PORTFOLIO_ROLE_PERMISSIONS.get(role, []))
+
+ if self.additional_permissions:
+ portfolio_permissions.update(self.additional_permissions)
+
+ return list(portfolio_permissions)
+
@transition(field="status", source=PortfolioInvitationStatus.INVITED, target=PortfolioInvitationStatus.RETRIEVED)
def retrieve(self):
"""When an invitation is retrieved, create the corresponding permission.
@@ -88,8 +114,8 @@ class PortfolioInvitation(TimeStampedModel):
user_portfolio_permission, _ = UserPortfolioPermission.objects.get_or_create(
portfolio=self.portfolio, user=user
)
- if self.portfolio_roles and len(self.portfolio_roles) > 0:
- user_portfolio_permission.roles = self.portfolio_roles
- if self.portfolio_additional_permissions and len(self.portfolio_additional_permissions) > 0:
- user_portfolio_permission.additional_permissions = self.portfolio_additional_permissions
+ if self.roles and len(self.roles) > 0:
+ user_portfolio_permission.roles = self.roles
+ if self.additional_permissions and len(self.additional_permissions) > 0:
+ user_portfolio_permission.additional_permissions = self.additional_permissions
user_portfolio_permission.save()
diff --git a/src/registrar/models/user_portfolio_permission.py b/src/registrar/models/user_portfolio_permission.py
index 241afd328..c95a3f26b 100644
--- a/src/registrar/models/user_portfolio_permission.py
+++ b/src/registrar/models/user_portfolio_permission.py
@@ -1,5 +1,6 @@
from django.db import models
from django.forms import ValidationError
+from registrar.models.user_domain_role import UserDomainRole
from registrar.utility.waffle import flag_is_active_for_user
from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
from .utility.time_stamped_model import TimeStampedModel
@@ -79,6 +80,14 @@ class UserPortfolioPermission(TimeStampedModel):
)
return readable_roles
+ def get_managed_domains_count(self):
+ """Return the count of domains managed by the user for this portfolio."""
+ # Filter the UserDomainRole model to get domains where the user has a manager role
+ managed_domains = UserDomainRole.objects.filter(
+ user=self.user, role=UserDomainRole.Roles.MANAGER, domain__domain_info__portfolio=self.portfolio
+ ).count()
+ return managed_domains
+
def _get_portfolio_permissions(self):
"""
Retrieve the permissions for the user's portfolio roles.
diff --git a/src/registrar/templates/admin/change_form_object_tools.html b/src/registrar/templates/admin/change_form_object_tools.html
index 198140c19..66011a3c4 100644
--- a/src/registrar/templates/admin/change_form_object_tools.html
+++ b/src/registrar/templates/admin/change_form_object_tools.html
@@ -20,10 +20,11 @@
{% if opts.model_name == 'domainrequest' %}
-
+
+
{% translate "Copy request summary" %}
diff --git a/src/registrar/templates/admin/input_with_clipboard.html b/src/registrar/templates/admin/input_with_clipboard.html
index 5ad2b27f7..d6a016fd5 100644
--- a/src/registrar/templates/admin/input_with_clipboard.html
+++ b/src/registrar/templates/admin/input_with_clipboard.html
@@ -8,7 +8,7 @@ Template for an input field with a clipboard
{{ field }}
@@ -17,23 +17,27 @@ Template for an input field with a clipboard
>
Copy
+
-
-
- Copy
-
+
+
+
+ Copy
+
+ {% endif %}
-{% endif %}
\ No newline at end of file
+{% endif %}
diff --git a/src/registrar/templates/django/admin/domain_request_change_form.html b/src/registrar/templates/django/admin/domain_request_change_form.html
index afdd9e6c2..8d58bc696 100644
--- a/src/registrar/templates/django/admin/domain_request_change_form.html
+++ b/src/registrar/templates/django/admin/domain_request_change_form.html
@@ -10,6 +10,8 @@
{% url 'get-action-needed-email-for-user-json' as url %}
+ {% url 'get-rejection-email-for-user-json' as url_2 %}
+
{% for fieldset in adminform %}
{% comment %}
TODO: this will eventually need to be changed to something like this
diff --git a/src/registrar/templates/django/admin/includes/contact_detail_list.html b/src/registrar/templates/django/admin/includes/contact_detail_list.html
index 0a28a6532..84fb07f33 100644
--- a/src/registrar/templates/django/admin/includes/contact_detail_list.html
+++ b/src/registrar/templates/django/admin/includes/contact_detail_list.html
@@ -26,7 +26,7 @@
{% if user.email %}
{{ user.email }}
{% include "admin/input_with_clipboard.html" with field=user invisible_input_field=True %}
-
+
{% else %}
None
{% endif %}
diff --git a/src/registrar/templates/django/admin/includes/detail_table_fieldset.html b/src/registrar/templates/django/admin/includes/detail_table_fieldset.html
index 6b755724e..317604c5e 100644
--- a/src/registrar/templates/django/admin/includes/detail_table_fieldset.html
+++ b/src/registrar/templates/django/admin/includes/detail_table_fieldset.html
@@ -137,29 +137,28 @@ This is using a custom implementation fieldset.html (see admin/fieldset.html)
{% block field_other %}
{% if field.field.name == "action_needed_reason_email" %}
+ {{ field.field }}
-
+
–
- {{ field.field }}
-
@@ -187,8 +186,8 @@ This is using a custom implementation fieldset.html (see admin/fieldset.html)
Yes, continue editing
@@ -221,11 +220,99 @@ This is using a custom implementation fieldset.html (see admin/fieldset.html)
{% if original_object.action_needed_reason_email %}
-
+
{% else %}
-
+
{% endif %}
+ {% elif field.field.name == "rejection_reason_email" %}
+ {{ field.field }}
+
+
+ –
+
+
+
+
+
+
+
+
+ Are you sure you want to edit this email?
+
+
+
+ The creator of this request already received an email for this status/reason:
+
+
+ Status: Rejected
+ Reason: {{ original_object.get_rejection_reason_display }}
+
+
+ If you edit this email's text, the system will send another email to
+ the creator after you “save” your changes. If you do not want to send another email, click “cancel” below.
+
+
+
+
+
+
+
+
+
+
+
+
+ {% if original_object.rejection_reason_email %}
+
+ {% else %}
+
+ {% endif %}
{% else %}
{{ field.field }}
{% endif %}
@@ -254,7 +341,7 @@ This is using a custom implementation fieldset.html (see admin/fieldset.html)
- Other contact information
+ Other contact information
@@ -267,18 +354,31 @@ This is using a custom implementation fieldset.html (see admin/fieldset.html)
{{ contact.phone }}
-
-
- Copy email
-
+
+
+
+ Copy email
+
+ {% endif %}
{% endfor %}
diff --git a/src/registrar/templates/domain_org_name_address.html b/src/registrar/templates/domain_org_name_address.html
index 78baed09e..0785b6da1 100644
--- a/src/registrar/templates/domain_org_name_address.html
+++ b/src/registrar/templates/domain_org_name_address.html
@@ -42,7 +42,7 @@
{% input_with_errors form.state_territory %}
- {% with add_class="usa-input--small" sublabel_text="Enter a zip code in the required format, like 12345 or 12345-6789." %}
+ {% with add_class="usa-input--small" sublabel_text="Enter a 5-digit or 9-digit zip code, like 12345 or 12345-6789." %}
{% input_with_errors form.zipcode %}
{% endwith %}
diff --git a/src/registrar/templates/domain_request_dotgov_domain.html b/src/registrar/templates/domain_request_dotgov_domain.html
index 5864cad29..764154254 100644
--- a/src/registrar/templates/domain_request_dotgov_domain.html
+++ b/src/registrar/templates/domain_request_dotgov_domain.html
@@ -12,8 +12,10 @@
Names that uniquely apply to your organization are likely to be approved over names that could also apply to other organizations.
{% if not is_federal %}In most instances, this requires including your state’s two-letter abbreviation.{% endif %}
-
+
+ {% if not portfolio %}
Requests for your organization’s initials or an abbreviated name might not be approved, but we encourage you to request the name you want.
+ {% endif %}
Note that only federal agencies can request generic terms like
vote.gov.
diff --git a/src/registrar/templates/domain_request_intro.html b/src/registrar/templates/domain_request_intro.html
index fd94e0ef1..6b5223991 100644
--- a/src/registrar/templates/domain_request_intro.html
+++ b/src/registrar/templates/domain_request_intro.html
@@ -12,7 +12,11 @@
You’re about to start your .gov domain request.
You don’t have to complete the process in one session. You can save what you enter and come back to it when you’re ready.
+ {% if portfolio %}
+ We’ll use the information you provide to verify your domain request meets our guidelines.
+ {% else %}
We’ll use the information you provide to verify your organization’s eligibility for a .gov domain. We’ll also verify that the domain you request meets our guidelines.
+ {% endif %}
Time to complete the form
If you have all the information you need ,
completing your domain request might take around 15 minutes.
diff --git a/src/registrar/templates/domain_request_org_contact.html b/src/registrar/templates/domain_request_org_contact.html
index d4f3c2071..44b404bbf 100644
--- a/src/registrar/templates/domain_request_org_contact.html
+++ b/src/registrar/templates/domain_request_org_contact.html
@@ -33,7 +33,7 @@
{% input_with_errors forms.0.state_territory %}
- {% with add_class="usa-input--small" sublabel_text="Enter a zip code in the required format, like 12345 or 12345-6789." %}
+ {% with add_class="usa-input--small" sublabel_text="Enter a 5-digit or 9-digit zip code, like 12345 or 12345-6789." %}
{% input_with_errors forms.0.zipcode %}
{% endwith %}
diff --git a/src/registrar/templates/domain_request_requesting_entity.html b/src/registrar/templates/domain_request_requesting_entity.html
new file mode 100644
index 000000000..ed8dd771c
--- /dev/null
+++ b/src/registrar/templates/domain_request_requesting_entity.html
@@ -0,0 +1,16 @@
+{% extends 'domain_request_form.html' %}
+{% load field_helpers url_helpers %}
+
+{% block form_instructions %}
+ 🛸🛸🛸🛸 Placeholder content 🛸🛸🛸🛸
+{% endblock %}
+
+{% block form_fields %}
+
+
+ What is the name of your space vessel?
+
+
+ {% input_with_errors forms.0.organization_name %}
+
+{% endblock %}
diff --git a/src/registrar/templates/domain_request_review.html b/src/registrar/templates/domain_request_review.html
index 03624d2ec..03cf31287 100644
--- a/src/registrar/templates/domain_request_review.html
+++ b/src/registrar/templates/domain_request_review.html
@@ -19,5 +19,9 @@
{% endblock %}
{% block form_fields %}
- {% include "includes/request_review_steps.html" with is_editable=True %}
+ {% if portfolio %}
+ {% include "includes/portfolio_request_review_steps.html" with is_editable=True %}
+ {% else %}
+ {% include "includes/request_review_steps.html" with is_editable=True %}
+ {% endif %}
{% endblock %}
diff --git a/src/registrar/templates/domain_suborganization.html b/src/registrar/templates/domain_suborganization.html
index e6152ecd8..67726e9d5 100644
--- a/src/registrar/templates/domain_suborganization.html
+++ b/src/registrar/templates/domain_suborganization.html
@@ -11,8 +11,13 @@
The name of your suborganization will be publicly listed as the domain registrant.
- This list of suborganizations has been populated the .gov program.
- If you believe there is an error please contact help@get.gov .
+
+
+ When this field is blank, the domain registrant will be listed as the overarching organization: {{ portfolio }}.
+
+
+ If you don’t see your suborganization in the menu or need to edit one of the options,
+ please contact help@get.gov .
{% if has_any_domains_portfolio_permission and has_edit_suborganization_portfolio_permission %}
diff --git a/src/registrar/templates/emails/action_needed_reasons/custom_email.txt b/src/registrar/templates/emails/includes/custom_email.txt
similarity index 100%
rename from src/registrar/templates/emails/action_needed_reasons/custom_email.txt
rename to src/registrar/templates/emails/includes/custom_email.txt
diff --git a/src/registrar/templates/emails/status_change_rejected.txt b/src/registrar/templates/emails/status_change_rejected.txt
index 4e5250162..b1d989bf1 100644
--- a/src/registrar/templates/emails/status_change_rejected.txt
+++ b/src/registrar/templates/emails/status_change_rejected.txt
@@ -8,8 +8,8 @@ REQUEST RECEIVED ON: {{ domain_request.last_submitted_date|date }}
STATUS: Rejected
----------------------------------------------------------------
-{% if domain_request.rejection_reason != 'other' %}
-REJECTION REASON{% endif %}{% if domain_request.rejection_reason == 'purpose_not_met' %}
+{% if reason != domain_request.RejectionReasons.DOMAIN_PURPOSE.OTHER %}
+REJECTION REASON{% endif %}{% if reason == domain_request.RejectionReasons.DOMAIN_PURPOSE %}
Your domain request was rejected because the purpose you provided did not meet our
requirements. You didn’t provide enough information about how you intend to use the
domain.
@@ -18,7 +18,7 @@ Learn more about:
- Eligibility for a .gov domain
- What you can and can’t do with .gov domains .
-If you have questions or comments, reply to this email.{% elif domain_request.rejection_reason == 'contacts_not_verified' %}
+If you have questions or comments, reply to this email.{% elif reason == 'contacts_not_verified' %}
Your domain request was rejected because we could not verify the organizational
-contacts you provided. If you have questions or comments, reply to this email.{% elif domain_request.rejection_reason == 'org_not_eligible' %}
+contacts you provided. If you have questions or comments, reply to this email.{% elif reason == domain_request.RejectionReasons.DOMAIN_PURPOSE.ORG_NOT_ELIGIBLE %}
Your domain request was rejected because we determined that {{ domain_request.organization_name }} is not
eligible for a .gov domain. .Gov domains are only available to official U.S.-based
government organizations.
@@ -46,7 +46,7 @@ Learn more about eligibility for .gov domains
+ {% if not hide_domains %}
{% if has_any_domains_portfolio_permission %}
{% url 'domains' as url %}
@@ -44,13 +45,14 @@
Domains
+ {% endif %}
-
- {% if has_organization_requests_flag %}
+
+ {% if has_organization_requests_flag and not hide_requests %}
{% if has_edit_request_portfolio_permission %}
@@ -91,12 +93,12 @@
{% endif %}
- {% if has_organization_members_flag and has_view_members_portfolio_permission %}
-
-
- Members
-
-
+ {% if has_organization_members_flag %}
+
+
+ Members
+
+
{% endif %}
diff --git a/src/registrar/templates/includes/member_domain_management.html b/src/registrar/templates/includes/member_domain_management.html
new file mode 100644
index 000000000..6bf3f1320
--- /dev/null
+++ b/src/registrar/templates/includes/member_domain_management.html
@@ -0,0 +1,6 @@
+Assigned domains
+{% if domain_count > 0 %}
+ {{domain_count}}
+{% else %}
+ This member does not manage any domains.{% if manage_button %} To assign this member a domain, click "Manage".{% endif %}
+{% endif %}
diff --git a/src/registrar/templates/includes/member_permissions.html b/src/registrar/templates/includes/member_permissions.html
new file mode 100644
index 000000000..8cf75cfbf
--- /dev/null
+++ b/src/registrar/templates/includes/member_permissions.html
@@ -0,0 +1,26 @@
+Member access
+{% if permissions.roles and 'organization_admin' in permissions.roles %}
+ Admin access
+{% elif permissions.roles and 'organization_member' in permissions.roles %}
+ Basic access
+{% else %}
+ ⎯
+{% endif %}
+
+Organization domain requests
+{% if member_has_edit_request_portfolio_permission %}
+ View all requests plus create requests
+{% elif member_has_view_all_requests_portfolio_permission %}
+ View all requests
+{% else %}
+ No access
+{% endif %}
+
+Organization members
+{% if member_has_edit_members_portfolio_permission %}
+ View all members plus manage members
+{% elif member_has_view_members_portfolio_permission %}
+ View all members
+{% else %}
+ No access
+{% endif %}
\ No newline at end of file
diff --git a/src/registrar/templates/includes/modal.html b/src/registrar/templates/includes/modal.html
index b0b316a2f..d918b335d 100644
--- a/src/registrar/templates/includes/modal.html
+++ b/src/registrar/templates/includes/modal.html
@@ -4,6 +4,11 @@
{{ modal_heading }}
+ {%if domain_name_modal is not None %}
+
+ {{ domain_name_modal }}
+
+ {%endif%}
{% if heading_value is not None %}
{# Add a breakpoint #}
diff --git a/src/registrar/templates/includes/portfolio_request_review_steps.html b/src/registrar/templates/includes/portfolio_request_review_steps.html
index 8f7dba9ac..9d3c5bdeb 100644
--- a/src/registrar/templates/includes/portfolio_request_review_steps.html
+++ b/src/registrar/templates/includes/portfolio_request_review_steps.html
@@ -8,7 +8,6 @@
{% endif %}
{% if step == Step.REQUESTING_ENTITY %}
-
{% if domain_request.organization_name %}
{% with title=form_titles|get_item:step value=domain_request %}
{% include "includes/summary_item.html" with title=title value=value heading_level=heading_level editable=is_editable edit_link=domain_request_url address='true' %}
@@ -54,32 +53,8 @@
{% endif %}
{% if step == Step.ADDITIONAL_DETAILS %}
- {% with title=form_titles|get_item:step %}
- {% if domain_request.has_additional_details %}
- {% include "includes/summary_item.html" with title="Additional Details" value=" " heading_level=heading_level editable=is_editable edit_link=domain_request_url %}
-
-
- {% if domain_request.cisa_representative_first_name %}
- {{domain_request.cisa_representative_first_name}} {{domain_request.cisa_representative_last_name}}
- {% if domain_request.cisa_representative_email %}
- {{domain_request.cisa_representative_email}}
- {% endif %}
- {% else %}
- No
- {% endif %}
-
-
-
-
- {% if domain_request.anything_else %}
- {{domain_request.anything_else}}
- {% else %}
- No
- {% endif %}
-
- {% else %}
- {% include "includes/summary_item.html" with title="Additional Details" value="Incomplete "|safe heading_level=heading_level editable=is_editable edit_link=domain_request_url %}
- {% endif %}
+ {% with title=form_titles|get_item:step value=domain_request.anything_else|default:"Incomplete "|safe %}
+ {% include "includes/summary_item.html" with title=title value=value heading_level=heading_level editable=is_editable edit_link=domain_request_url %}
{% endwith %}
{% endif %}
diff --git a/src/registrar/templates/includes/summary_item.html b/src/registrar/templates/includes/summary_item.html
index d4c68395f..0600d7ea7 100644
--- a/src/registrar/templates/includes/summary_item.html
+++ b/src/registrar/templates/includes/summary_item.html
@@ -24,7 +24,11 @@
{% if sub_header_text %}
{% endif %}
- {% if address %}
+ {% if permissions %}
+ {% include "includes/member_permissions.html" with permissions=value %}
+ {% elif domain_mgmt %}
+ {% include "includes/member_domain_management.html" with domain_count=value %}
+ {% elif address %}
{% include "includes/organization_address.html" with organization=value %}
{% elif contact %}
{% if list %}
@@ -122,9 +126,9 @@
class="usa-link usa-link--icon font-sans-sm line-height-sans-5"
>
-
- Edit {{ title }}
+ {% if manage_button %}Manage{% elif view_button %}View{% else %}Edit{% endif %} {{ title }}
{% endif %}
diff --git a/src/registrar/templates/portfolio_domain_request_additional_details.html b/src/registrar/templates/portfolio_domain_request_additional_details.html
new file mode 100644
index 000000000..3b004354f
--- /dev/null
+++ b/src/registrar/templates/portfolio_domain_request_additional_details.html
@@ -0,0 +1,22 @@
+{% extends 'domain_request_form.html' %}
+{% load static field_helpers %}
+
+{% block form_required_fields_help_text %}
+{% include "includes/required_fields.html" %}
+{% endblock %}
+
+{% block form_fields %}
+
+
+
+ Is there anything else you’d like us to know about your domain request?
+
+
+
+
+
Provide details below. *
+ {% with attr_maxlength=2000 add_label_class="usa-sr-only" %}
+ {% input_with_errors forms.0.anything_else %}
+ {% endwith %}
+
+
+ {% url 'members' as url %}
+
+
+
+ Members
+
+ Manage member
+
+
+
+
+
+
Manage member
+
+
+
+ {% if member %}
+ {{ member.email }}
+ {% elif portfolio_invitation %}
+ {{ portfolio_invitation.email }}
+ {% endif %}
+
+ {% if has_edit_members_portfolio_permission %}
+ {% if member %}
+
+ Remove member
+
+ {% else %}
+
+ Cancel invitation
+
+ {% endif %}
+
+
+ {% endif %}
+
+
+
+ Last active:
+ {% if member and member.last_login %}
+ {{ member.last_login }}
+ {% elif portfolio_invitation %}
+ Invited
+ {% else %}
+ ⎯
+ {% endif %}
+ Full name:
+ {% if member %}
+ {% if member.first_name or member.last_name %}
+ {{ member.get_formatted_name }}
+ {% else %}
+ ⎯
+ {% endif %}
+ {% else %}
+ ⎯
+ {% endif %}
+ Title or organization role:
+ {% if member and member.title %}
+ {{ member.title }}
+ {% else %}
+ ⎯
+ {% endif %}
+
+
+ {% if portfolio_permission %}
+ {% include "includes/summary_item.html" with title='Member access and permissions' permissions=True value=portfolio_permission edit_link=edit_url editable=has_edit_members_portfolio_permission %}
+ {% elif portfolio_invitation %}
+ {% include "includes/summary_item.html" with title='Member access and permissions' permissions=True value=portfolio_invitation edit_link=edit_url editable=has_edit_members_portfolio_permission %}
+ {% endif %}
+
+ {% comment %}view_button is passed below as true in all cases. This is because manage_button logic will trump view_button logic; ie. if manage_button is true, view_button will never be looked at{% endcomment %}
+ {% if portfolio_permission %}
+ {% include "includes/summary_item.html" with title='Domain management' domain_mgmt=True value=portfolio_permission.get_managed_domains_count edit_link='#' editable=True manage_button=has_edit_members_portfolio_permission view_button=True %}
+ {% elif portfolio_invitation %}
+ {% include "includes/summary_item.html" with title='Domain management' domain_mgmt=True value=portfolio_invitation.get_managed_domains_count edit_link='#' editable=True manage_button=has_edit_members_portfolio_permission view_button=True %}
+ {% else %}
+ {% include "includes/summary_item.html" with title='Domain management' domain_mgmt=True value=0 edit_link='#' editable=True manage_button=has_edit_members_portfolio_permission view_button=True %}
+ {% endif %}
+
+
+
+
+ {% block messages %}
+ {% include "includes/form_messages.html" %}
+ {% endblock %}
+
+
Manage member
+
+
+ {% if member %}
+ {{ member.email }}
+ {% elif invitation %}
+ {{ invitation.email }}
+ {% endif %}
+
+
+
+
+
+
+
+
+
+
+ {% if has_edit_members_portfolio_permission %}
+ {% endif %}
{% include "includes/members_table.html" with portfolio=portfolio %}
diff --git a/src/registrar/templates/portfolio_organization.html b/src/registrar/templates/portfolio_organization.html
index 2e6a1f488..712d1a6ca 100644
--- a/src/registrar/templates/portfolio_organization.html
+++ b/src/registrar/templates/portfolio_organization.html
@@ -45,7 +45,7 @@
{% input_with_errors form.address_line2 %}
{% input_with_errors form.city %}
{% input_with_errors form.state_territory %}
- {% with add_class="usa-input--small" sublabel_text="Enter a zip code in the required format, like 12345 or 12345-6789." %}
+ {% with add_class="usa-input--small" sublabel_text="Enter a 5-digit or 9-digit zip code, like 12345 or 12345-6789." %}
{% input_with_errors form.zipcode %}
{% endwith %}
diff --git a/src/registrar/templatetags/custom_filters.py b/src/registrar/templatetags/custom_filters.py
index a3f35ae8e..b29dccb08 100644
--- a/src/registrar/templatetags/custom_filters.py
+++ b/src/registrar/templatetags/custom_filters.py
@@ -246,9 +246,7 @@ def is_members_subpage(path):
"""Checks if the given page is a subpage of members.
Takes a path name, like '/organization/'."""
# Since our pages aren't unified under a common path, we need this approach for now.
- url_names = [
- "members",
- ]
+ url_names = ["members", "member", "member-permissions", "invitedmember", "invitedmember-permissions"]
return get_url_name(path) in url_names
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index cdc3c97de..9c5e3b582 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -654,7 +654,7 @@ class TestDomainInformationAdmin(TestCase):
self.test_helper.assert_response_contains_distinct_values(response, expected_other_employees_fields)
# Test for the copy link
- self.assertContains(response, "button--clipboard", count=3)
+ self.assertContains(response, "copy-to-clipboard", count=3)
# cleanup this test
domain_info.delete()
diff --git a/src/registrar/tests/test_admin_domain.py b/src/registrar/tests/test_admin_domain.py
index a9b94781f..f02b59a91 100644
--- a/src/registrar/tests/test_admin_domain.py
+++ b/src/registrar/tests/test_admin_domain.py
@@ -535,7 +535,7 @@ class TestDomainAdminWithClient(TestCase):
self.assertContains(response, "Testy Tester")
# Test for the copy link
- self.assertContains(response, "button--clipboard")
+ self.assertContains(response, "copy-to-clipboard")
# cleanup from this test
domain.delete()
diff --git a/src/registrar/tests/test_admin_request.py b/src/registrar/tests/test_admin_request.py
index a9b073472..217756359 100644
--- a/src/registrar/tests/test_admin_request.py
+++ b/src/registrar/tests/test_admin_request.py
@@ -595,7 +595,12 @@ class TestDomainRequestAdmin(MockEppLib):
@less_console_noise_decorator
def transition_state_and_send_email(
- self, domain_request, status, rejection_reason=None, action_needed_reason=None, action_needed_reason_email=None
+ self,
+ domain_request,
+ status,
+ rejection_reason=None,
+ action_needed_reason=None,
+ action_needed_reason_email=None,
):
"""Helper method for the email test cases."""
@@ -687,6 +692,10 @@ class TestDomainRequestAdmin(MockEppLib):
self.assert_email_is_accurate("ORGANIZATION ALREADY HAS A .GOV DOMAIN", 0, EMAIL, bcc_email_address=BCC_EMAIL)
self.assertEqual(len(self.mock_client.EMAILS_SENT), 1)
+ # We use javascript to reset the content of this. It is only automatically set
+ # if the email itself is somehow None.
+ self._reset_action_needed_email(domain_request)
+
# Test the email sent out for bad_name
bad_name = DomainRequest.ActionNeededReasons.BAD_NAME
self.transition_state_and_send_email(domain_request, action_needed, action_needed_reason=bad_name)
@@ -694,6 +703,7 @@ class TestDomainRequestAdmin(MockEppLib):
"DOMAIN NAME DOES NOT MEET .GOV REQUIREMENTS", 1, EMAIL, bcc_email_address=BCC_EMAIL
)
self.assertEqual(len(self.mock_client.EMAILS_SENT), 2)
+ self._reset_action_needed_email(domain_request)
# Test the email sent out for eligibility_unclear
eligibility_unclear = DomainRequest.ActionNeededReasons.ELIGIBILITY_UNCLEAR
@@ -702,6 +712,7 @@ class TestDomainRequestAdmin(MockEppLib):
"ORGANIZATION MAY NOT MEET ELIGIBILITY REQUIREMENTS", 2, EMAIL, bcc_email_address=BCC_EMAIL
)
self.assertEqual(len(self.mock_client.EMAILS_SENT), 3)
+ self._reset_action_needed_email(domain_request)
# Test that a custom email is sent out for questionable_so
questionable_so = DomainRequest.ActionNeededReasons.QUESTIONABLE_SENIOR_OFFICIAL
@@ -710,6 +721,7 @@ class TestDomainRequestAdmin(MockEppLib):
"SENIOR OFFICIAL DOES NOT MEET ELIGIBILITY REQUIREMENTS", 3, _creator.email, bcc_email_address=BCC_EMAIL
)
self.assertEqual(len(self.mock_client.EMAILS_SENT), 4)
+ self._reset_action_needed_email(domain_request)
# Assert that no other emails are sent on OTHER
other = DomainRequest.ActionNeededReasons.OTHER
@@ -717,6 +729,7 @@ class TestDomainRequestAdmin(MockEppLib):
# Should be unchanged from before
self.assertEqual(len(self.mock_client.EMAILS_SENT), 4)
+ self._reset_action_needed_email(domain_request)
# Tests if an analyst can override existing email content
questionable_so = DomainRequest.ActionNeededReasons.QUESTIONABLE_SENIOR_OFFICIAL
@@ -730,6 +743,7 @@ class TestDomainRequestAdmin(MockEppLib):
domain_request.refresh_from_db()
self.assert_email_is_accurate("custom email content", 4, _creator.email, bcc_email_address=BCC_EMAIL)
self.assertEqual(len(self.mock_client.EMAILS_SENT), 5)
+ self._reset_action_needed_email(domain_request)
# Tests if a new email gets sent when just the email is changed.
# An email should NOT be sent out if we just modify the email content.
@@ -741,6 +755,7 @@ class TestDomainRequestAdmin(MockEppLib):
)
self.assertEqual(len(self.mock_client.EMAILS_SENT), 5)
+ self._reset_action_needed_email(domain_request)
# Set the request back to in review
domain_request.in_review()
@@ -757,55 +772,53 @@ class TestDomainRequestAdmin(MockEppLib):
)
self.assertEqual(len(self.mock_client.EMAILS_SENT), 6)
- # def test_action_needed_sends_reason_email_prod_bcc(self):
- # """When an action needed reason is set, an email is sent out and help@get.gov
- # is BCC'd in production"""
- # # Ensure there is no user with this email
- # EMAIL = "mayor@igorville.gov"
- # BCC_EMAIL = settings.DEFAULT_FROM_EMAIL
- # User.objects.filter(email=EMAIL).delete()
- # in_review = DomainRequest.DomainRequestStatus.IN_REVIEW
- # action_needed = DomainRequest.DomainRequestStatus.ACTION_NEEDED
+ def _reset_action_needed_email(self, domain_request):
+ """Sets the given action needed email back to none"""
+ domain_request.action_needed_reason_email = None
+ domain_request.save()
+ domain_request.refresh_from_db()
- # # Create a sample domain request
- # domain_request = completed_domain_request(status=in_review)
+ @override_settings(IS_PRODUCTION=True)
+ @less_console_noise_decorator
+ def test_rejected_sends_reason_email_prod_bcc(self):
+ """When a rejection reason is set, an email is sent out and help@get.gov
+ is BCC'd in production"""
+ # Create fake creator
+ EMAIL = "meoward.jones@igorville.gov"
- # # Test the email sent out for already_has_domains
- # already_has_domains = DomainRequest.ActionNeededReasons.ALREADY_HAS_DOMAINS
- # self.transition_state_and_send_email(domain_request, action_needed, action_needed_reason=already_has_domains)
- # self.assert_email_is_accurate("ORGANIZATION ALREADY HAS A .GOV DOMAIN", 0, EMAIL, bcc_email_address=BCC_EMAIL)
- # self.assertEqual(len(self.mock_client.EMAILS_SENT), 1)
+ _creator = User.objects.create(
+ username="MrMeoward",
+ first_name="Meoward",
+ last_name="Jones",
+ email=EMAIL,
+ phone="(555) 123 12345",
+ title="Treat inspector",
+ )
- # # Test the email sent out for bad_name
- # bad_name = DomainRequest.ActionNeededReasons.BAD_NAME
- # self.transition_state_and_send_email(domain_request, action_needed, action_needed_reason=bad_name)
- # self.assert_email_is_accurate(
- # "DOMAIN NAME DOES NOT MEET .GOV REQUIREMENTS", 1, EMAIL, bcc_email_address=BCC_EMAIL
- # )
- # self.assertEqual(len(self.mock_client.EMAILS_SENT), 2)
+ BCC_EMAIL = settings.DEFAULT_FROM_EMAIL
+ in_review = DomainRequest.DomainRequestStatus.IN_REVIEW
+ rejected = DomainRequest.DomainRequestStatus.REJECTED
- # # Test the email sent out for eligibility_unclear
- # eligibility_unclear = DomainRequest.ActionNeededReasons.ELIGIBILITY_UNCLEAR
- # self.transition_state_and_send_email(domain_request, action_needed, action_needed_reason=eligibility_unclear)
- # self.assert_email_is_accurate(
- # "ORGANIZATION MAY NOT MEET ELIGIBILITY REQUIREMENTS", 2, EMAIL, bcc_email_address=BCC_EMAIL
- # )
- # self.assertEqual(len(self.mock_client.EMAILS_SENT), 3)
+ # Create a sample domain request
+ domain_request = completed_domain_request(status=in_review, user=_creator)
- # # Test the email sent out for questionable_so
- # questionable_so = DomainRequest.ActionNeededReasons.QUESTIONABLE_SENIOR_OFFICIAL
- # self.transition_state_and_send_email(domain_request, action_needed, action_needed_reason=questionable_so)
- # self.assert_email_is_accurate(
- # "SENIOR OFFICIAL DOES NOT MEET ELIGIBILITY REQUIREMENTS", 3, EMAIL, bcc_email_address=BCC_EMAIL
- # )
- # self.assertEqual(len(self.mock_client.EMAILS_SENT), 4)
-
- # # Assert that no other emails are sent on OTHER
- # other = DomainRequest.ActionNeededReasons.OTHER
- # self.transition_state_and_send_email(domain_request, action_needed, action_needed_reason=other)
-
- # # Should be unchanged from before
- # self.assertEqual(len(self.mock_client.EMAILS_SENT), 4)
+ expected_emails = {
+ DomainRequest.RejectionReasons.DOMAIN_PURPOSE: "You didn’t provide enough information about how",
+ DomainRequest.RejectionReasons.REQUESTOR_NOT_ELIGIBLE: "You must be a government employee, or be",
+ DomainRequest.RejectionReasons.ORG_HAS_DOMAIN: "practice is to approve one domain",
+ DomainRequest.RejectionReasons.CONTACTS_NOT_VERIFIED: "we could not verify the organizational",
+ DomainRequest.RejectionReasons.ORG_NOT_ELIGIBLE: ".Gov domains are only available to official U.S.-based",
+ DomainRequest.RejectionReasons.NAMING_REQUIREMENTS: "does not meet our naming requirements",
+ DomainRequest.RejectionReasons.OTHER: "YOU CAN SUBMIT A NEW REQUEST",
+ }
+ for i, (reason, email_content) in enumerate(expected_emails.items()):
+ with self.subTest(reason=reason):
+ self.transition_state_and_send_email(domain_request, status=rejected, rejection_reason=reason)
+ self.assert_email_is_accurate(email_content, i, EMAIL, bcc_email_address=BCC_EMAIL)
+ self.assertEqual(len(self.mock_client.EMAILS_SENT), i + 1)
+ domain_request.rejection_reason_email = None
+ domain_request.save()
+ domain_request.refresh_from_db()
@less_console_noise_decorator
def test_save_model_sends_submitted_email(self):
@@ -1034,7 +1047,9 @@ class TestDomainRequestAdmin(MockEppLib):
# Reject for reason REQUESTOR and test email including dynamic organization name
self.transition_state_and_send_email(
- domain_request, DomainRequest.DomainRequestStatus.REJECTED, DomainRequest.RejectionReasons.REQUESTOR
+ domain_request,
+ DomainRequest.DomainRequestStatus.REJECTED,
+ DomainRequest.RejectionReasons.REQUESTOR_NOT_ELIGIBLE,
)
self.assert_email_is_accurate(
"Your domain request was rejected because we don’t believe you’re eligible to request a \n.gov "
@@ -1072,7 +1087,7 @@ class TestDomainRequestAdmin(MockEppLib):
self.transition_state_and_send_email(
domain_request,
DomainRequest.DomainRequestStatus.REJECTED,
- DomainRequest.RejectionReasons.SECOND_DOMAIN_REASONING,
+ DomainRequest.RejectionReasons.ORG_HAS_DOMAIN,
)
self.assert_email_is_accurate(
"Your domain request was rejected because Testorg has a .gov domain.", 0, _creator.email
@@ -1108,7 +1123,7 @@ class TestDomainRequestAdmin(MockEppLib):
self.transition_state_and_send_email(
domain_request,
DomainRequest.DomainRequestStatus.REJECTED,
- DomainRequest.RejectionReasons.CONTACTS_OR_ORGANIZATION_LEGITIMACY,
+ DomainRequest.RejectionReasons.CONTACTS_NOT_VERIFIED,
)
self.assert_email_is_accurate(
"Your domain request was rejected because we could not verify the organizational \n"
@@ -1146,7 +1161,7 @@ class TestDomainRequestAdmin(MockEppLib):
self.transition_state_and_send_email(
domain_request,
DomainRequest.DomainRequestStatus.REJECTED,
- DomainRequest.RejectionReasons.ORGANIZATION_ELIGIBILITY,
+ DomainRequest.RejectionReasons.ORG_NOT_ELIGIBLE,
)
self.assert_email_is_accurate(
"Your domain request was rejected because we determined that Testorg is not \neligible for "
@@ -1275,7 +1290,7 @@ class TestDomainRequestAdmin(MockEppLib):
stack.enter_context(patch.object(messages, "error"))
stack.enter_context(patch.object(messages, "warning"))
domain_request.status = DomainRequest.DomainRequestStatus.REJECTED
- domain_request.rejection_reason = DomainRequest.RejectionReasons.CONTACTS_OR_ORGANIZATION_LEGITIMACY
+ domain_request.rejection_reason = DomainRequest.RejectionReasons.CONTACTS_NOT_VERIFIED
self.admin.save_model(request, domain_request, None, True)
@@ -1511,7 +1526,7 @@ class TestDomainRequestAdmin(MockEppLib):
self.test_helper.assert_response_contains_distinct_values(response, expected_other_employees_fields)
# Test for the copy link
- self.assertContains(response, "button--clipboard", count=4)
+ self.assertContains(response, "copy-to-clipboard", count=4)
# Test that Creator counts display properly
self.assertNotContains(response, "Approved domains")
@@ -1621,6 +1636,7 @@ class TestDomainRequestAdmin(MockEppLib):
"updated_at",
"status",
"rejection_reason",
+ "rejection_reason_email",
"action_needed_reason",
"action_needed_reason_email",
"federal_agency",
@@ -1840,12 +1856,64 @@ class TestDomainRequestAdmin(MockEppLib):
self.trigger_saving_approved_to_another_state(
False,
DomainRequest.DomainRequestStatus.REJECTED,
- DomainRequest.RejectionReasons.CONTACTS_OR_ORGANIZATION_LEGITIMACY,
+ DomainRequest.RejectionReasons.CONTACTS_NOT_VERIFIED,
)
def test_side_effects_when_saving_approved_to_ineligible(self):
self.trigger_saving_approved_to_another_state(False, DomainRequest.DomainRequestStatus.INELIGIBLE)
+ @less_console_noise
+ def test_error_when_saving_to_approved_and_domain_exists(self):
+ """Redundant admin check on model transition not allowed."""
+ Domain.objects.create(name="wabbitseason.gov")
+
+ new_request = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.SUBMITTED, name="wabbitseason.gov"
+ )
+
+ # Create a request object with a superuser
+ request = self.factory.post("/admin/registrar/domainrequest/{}/change/".format(new_request.pk))
+ request.user = self.superuser
+
+ request.session = {}
+
+ # Use ExitStack to combine patch contexts
+ with ExitStack() as stack:
+ # Patch django.contrib.messages.error
+ stack.enter_context(patch.object(messages, "error"))
+
+ new_request.status = DomainRequest.DomainRequestStatus.APPROVED
+
+ self.admin.save_model(request, new_request, None, True)
+
+ messages.error.assert_called_once_with(
+ request,
+ "Cannot approve. Requested domain is already in use.",
+ )
+
+ @less_console_noise
+ def test_no_error_when_saving_to_approved_and_domain_exists(self):
+ """The negative of the redundant admin check on model transition not allowed."""
+ new_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.SUBMITTED)
+
+ # Create a request object with a superuser
+ request = self.factory.post("/admin/registrar/domainrequest/{}/change/".format(new_request.pk))
+ request.user = self.superuser
+
+ request.session = {}
+
+ # Use ExitStack to combine patch contexts
+ with ExitStack() as stack:
+ # Patch Domain.is_active and django.contrib.messages.error simultaneously
+ stack.enter_context(patch.object(messages, "error"))
+
+ new_request.status = DomainRequest.DomainRequestStatus.APPROVED
+
+ self.admin.save_model(request, new_request, None, True)
+
+ # Assert that the error message was never called
+ messages.error.assert_not_called()
+
def test_has_correct_filters(self):
"""
This test verifies that DomainRequestAdmin has the correct filters set up.
diff --git a/src/registrar/tests/test_api.py b/src/registrar/tests/test_api.py
index 218c63d4f..aba2d52e8 100644
--- a/src/registrar/tests/test_api.py
+++ b/src/registrar/tests/test_api.py
@@ -143,8 +143,8 @@ class GetActionNeededEmailForUserJsonTest(TestCase):
)
self.assertEqual(response.status_code, 200)
data = response.json()
- self.assertIn("action_needed_email", data)
- self.assertIn("ORGANIZATION MAY NOT MEET ELIGIBILITY REQUIREMENTS", data["action_needed_email"])
+ self.assertIn("email", data)
+ self.assertIn("ORGANIZATION MAY NOT MEET ELIGIBILITY REQUIREMENTS", data["email"])
@less_console_noise_decorator
def test_get_action_needed_email_for_user_json_analyst(self):
@@ -160,8 +160,8 @@ class GetActionNeededEmailForUserJsonTest(TestCase):
)
self.assertEqual(response.status_code, 200)
data = response.json()
- self.assertIn("action_needed_email", data)
- self.assertIn("SENIOR OFFICIAL DOES NOT MEET ELIGIBILITY REQUIREMENTS", data["action_needed_email"])
+ self.assertIn("email", data)
+ self.assertIn("SENIOR OFFICIAL DOES NOT MEET ELIGIBILITY REQUIREMENTS", data["email"])
@less_console_noise_decorator
def test_get_action_needed_email_for_user_json_regular(self):
@@ -176,3 +176,71 @@ class GetActionNeededEmailForUserJsonTest(TestCase):
},
)
self.assertEqual(response.status_code, 302)
+
+
+class GetRejectionEmailForUserJsonTest(TestCase):
+ def setUp(self):
+ self.client = Client()
+ self.superuser = create_superuser()
+ self.analyst_user = create_user()
+ self.agency = FederalAgency.objects.create(agency="Test Agency")
+ self.domain_request = completed_domain_request(
+ federal_agency=self.agency,
+ name="test.gov",
+ status=DomainRequest.DomainRequestStatus.REJECTED,
+ )
+
+ self.api_url = reverse("get-rejection-email-for-user-json")
+
+ def tearDown(self):
+ DomainRequest.objects.all().delete()
+ User.objects.all().delete()
+ FederalAgency.objects.all().delete()
+
+ @less_console_noise_decorator
+ def test_get_rejected_email_for_user_json_superuser(self):
+ """Test that a superuser can fetch the action needed email."""
+ self.client.force_login(self.superuser)
+
+ response = self.client.get(
+ self.api_url,
+ {
+ "reason": DomainRequest.RejectionReasons.CONTACTS_NOT_VERIFIED,
+ "domain_request_id": self.domain_request.id,
+ },
+ )
+ self.assertEqual(response.status_code, 200)
+ data = response.json()
+ self.assertIn("email", data)
+ self.assertIn("we could not verify the organizational", data["email"])
+
+ @less_console_noise_decorator
+ def test_get_rejected_email_for_user_json_analyst(self):
+ """Test that an analyst can fetch the action needed email."""
+ self.client.force_login(self.analyst_user)
+
+ response = self.client.get(
+ self.api_url,
+ {
+ "reason": DomainRequest.RejectionReasons.CONTACTS_NOT_VERIFIED,
+ "domain_request_id": self.domain_request.id,
+ },
+ )
+ self.assertEqual(response.status_code, 200)
+ data = response.json()
+ self.assertIn("email", data)
+ self.assertIn("we could not verify the organizational", data["email"])
+
+ @less_console_noise_decorator
+ def test_get_rejected_email_for_user_json_regular(self):
+ """Test that a regular user receives a 403 with an error message."""
+ p = "password"
+ self.client.login(username="testuser", password=p)
+ response = self.client.get(
+ self.api_url,
+ {
+ "reason": DomainRequest.RejectionReasons.CONTACTS_NOT_VERIFIED,
+ "domain_request_id": self.domain_request.id,
+ },
+ )
+ self.assertEqual(response.status_code, 302)
diff --git a/src/registrar/tests/test_forms.py b/src/registrar/tests/test_forms.py
index eb4cad040..12d9af8ac 100644
--- a/src/registrar/tests/test_forms.py
+++ b/src/registrar/tests/test_forms.py
@@ -33,7 +33,7 @@ class TestFormValidation(MockEppLib):
form = OrganizationContactForm(data={"zipcode": "nah"})
self.assertEqual(
form.errors["zipcode"],
- ["Enter a zip code in the form of 12345 or 12345-6789."],
+ ["Enter a 5-digit or 9-digit zip code, like 12345 or 12345-6789."],
)
def test_org_contact_zip_valid(self):
diff --git a/src/registrar/tests/test_models.py b/src/registrar/tests/test_models.py
index 015c67dab..02902c1a9 100644
--- a/src/registrar/tests/test_models.py
+++ b/src/registrar/tests/test_models.py
@@ -1,7 +1,5 @@
from django.forms import ValidationError
from django.test import TestCase
-from django.db.utils import IntegrityError
-from django.db import transaction
from unittest.mock import patch
from django.test import RequestFactory
@@ -20,1045 +18,23 @@ from registrar.models import (
UserPortfolioPermission,
AllowedEmail,
)
-
import boto3_mocking
from registrar.models.portfolio import Portfolio
from registrar.models.portfolio_invitation import PortfolioInvitation
from registrar.models.transition_domain import TransitionDomain
from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
from registrar.models.verified_by_staff import VerifiedByStaff # type: ignore
-from registrar.utility.constants import BranchChoices
from .common import (
MockSESClient,
- less_console_noise,
completed_domain_request,
- set_domain_request_investigators,
create_test_user,
)
-from django_fsm import TransitionNotAllowed
from waffle.testutils import override_flag
from api.tests.common import less_console_noise_decorator
-@boto3_mocking.patching
-class TestDomainRequest(TestCase):
- @less_console_noise_decorator
- def setUp(self):
-
- self.dummy_user, _ = Contact.objects.get_or_create(
- email="mayor@igorville.com", first_name="Hello", last_name="World"
- )
- self.dummy_user_2, _ = User.objects.get_or_create(
- username="intern@igorville.com", email="intern@igorville.com", first_name="Lava", last_name="World"
- )
- self.started_domain_request = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.STARTED,
- name="started.gov",
- )
- self.submitted_domain_request = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.SUBMITTED,
- name="submitted.gov",
- )
- self.in_review_domain_request = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.IN_REVIEW,
- name="in-review.gov",
- )
- self.action_needed_domain_request = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.ACTION_NEEDED,
- name="action-needed.gov",
- )
- self.approved_domain_request = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.APPROVED,
- name="approved.gov",
- )
- self.withdrawn_domain_request = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.WITHDRAWN,
- name="withdrawn.gov",
- )
- self.rejected_domain_request = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.REJECTED,
- name="rejected.gov",
- )
- self.ineligible_domain_request = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.INELIGIBLE,
- name="ineligible.gov",
- )
-
- # Store all domain request statuses in a variable for ease of use
- self.all_domain_requests = [
- self.started_domain_request,
- self.submitted_domain_request,
- self.in_review_domain_request,
- self.action_needed_domain_request,
- self.approved_domain_request,
- self.withdrawn_domain_request,
- self.rejected_domain_request,
- self.ineligible_domain_request,
- ]
-
- self.mock_client = MockSESClient()
-
- def tearDown(self):
- super().tearDown()
- DomainInformation.objects.all().delete()
- DomainRequest.objects.all().delete()
- DraftDomain.objects.all().delete()
- Domain.objects.all().delete()
- User.objects.all().delete()
- self.mock_client.EMAILS_SENT.clear()
-
- def assertNotRaises(self, exception_type):
- """Helper method for testing allowed transitions."""
- with less_console_noise():
- return self.assertRaises(Exception, None, exception_type)
-
- @less_console_noise_decorator
- def test_request_is_withdrawable(self):
- """Tests the is_withdrawable function"""
- domain_request_1 = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.SUBMITTED,
- name="city2.gov",
- )
- domain_request_2 = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.IN_REVIEW,
- name="city3.gov",
- )
- domain_request_3 = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.ACTION_NEEDED,
- name="city4.gov",
- )
- domain_request_4 = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.REJECTED,
- name="city5.gov",
- )
- self.assertTrue(domain_request_1.is_withdrawable())
- self.assertTrue(domain_request_2.is_withdrawable())
- self.assertTrue(domain_request_3.is_withdrawable())
- self.assertFalse(domain_request_4.is_withdrawable())
-
- @less_console_noise_decorator
- def test_request_is_awaiting_review(self):
- """Tests the is_awaiting_review function"""
- domain_request_1 = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.SUBMITTED,
- name="city2.gov",
- )
- domain_request_2 = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.IN_REVIEW,
- name="city3.gov",
- )
- domain_request_3 = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.ACTION_NEEDED,
- name="city4.gov",
- )
- domain_request_4 = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.REJECTED,
- name="city5.gov",
- )
- self.assertTrue(domain_request_1.is_awaiting_review())
- self.assertTrue(domain_request_2.is_awaiting_review())
- self.assertFalse(domain_request_3.is_awaiting_review())
- self.assertFalse(domain_request_4.is_awaiting_review())
-
- @less_console_noise_decorator
- def test_federal_agency_set_to_non_federal_on_approve(self):
- """Ensures that when the federal_agency field is 'none' when .approve() is called,
- the field is set to the 'Non-Federal Agency' record"""
- domain_request = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.IN_REVIEW,
- name="city2.gov",
- federal_agency=None,
- )
-
- # Ensure that the federal agency is None
- self.assertEqual(domain_request.federal_agency, None)
-
- # Approve the request
- domain_request.approve()
- self.assertEqual(domain_request.status, DomainRequest.DomainRequestStatus.APPROVED)
-
- # After approval, it should be "Non-Federal agency"
- expected_federal_agency = FederalAgency.objects.filter(agency="Non-Federal Agency").first()
- self.assertEqual(domain_request.federal_agency, expected_federal_agency)
-
- def test_empty_create_fails(self):
- """Can't create a completely empty domain request."""
- with less_console_noise():
- with transaction.atomic():
- with self.assertRaisesRegex(IntegrityError, "creator"):
- DomainRequest.objects.create()
-
- @less_console_noise_decorator
- def test_minimal_create(self):
- """Can create with just a creator."""
- user, _ = User.objects.get_or_create(username="testy")
- domain_request = DomainRequest.objects.create(creator=user)
- self.assertEqual(domain_request.status, DomainRequest.DomainRequestStatus.STARTED)
-
- @less_console_noise_decorator
- def test_full_create(self):
- """Can create with all fields."""
- user, _ = User.objects.get_or_create(username="testy")
- contact = Contact.objects.create()
- com_website, _ = Website.objects.get_or_create(website="igorville.com")
- gov_website, _ = Website.objects.get_or_create(website="igorville.gov")
- domain, _ = DraftDomain.objects.get_or_create(name="igorville.gov")
- domain_request = DomainRequest.objects.create(
- creator=user,
- investigator=user,
- generic_org_type=DomainRequest.OrganizationChoices.FEDERAL,
- federal_type=BranchChoices.EXECUTIVE,
- is_election_board=False,
- organization_name="Test",
- address_line1="100 Main St.",
- address_line2="APT 1A",
- state_territory="CA",
- zipcode="12345-6789",
- senior_official=contact,
- requested_domain=domain,
- purpose="Igorville rules!",
- anything_else="All of Igorville loves the dotgov program.",
- is_policy_acknowledged=True,
- )
- domain_request.current_websites.add(com_website)
- domain_request.alternative_domains.add(gov_website)
- domain_request.other_contacts.add(contact)
- domain_request.save()
-
- @less_console_noise_decorator
- def test_domain_info(self):
- """Can create domain info with all fields."""
- user, _ = User.objects.get_or_create(username="testy")
- contact = Contact.objects.create()
- domain, _ = Domain.objects.get_or_create(name="igorville.gov")
- information = DomainInformation.objects.create(
- creator=user,
- generic_org_type=DomainInformation.OrganizationChoices.FEDERAL,
- federal_type=BranchChoices.EXECUTIVE,
- is_election_board=False,
- organization_name="Test",
- address_line1="100 Main St.",
- address_line2="APT 1A",
- state_territory="CA",
- zipcode="12345-6789",
- senior_official=contact,
- purpose="Igorville rules!",
- anything_else="All of Igorville loves the dotgov program.",
- is_policy_acknowledged=True,
- domain=domain,
- )
- information.other_contacts.add(contact)
- information.save()
- self.assertEqual(information.domain.id, domain.id)
- self.assertEqual(information.id, domain.domain_info.id)
-
- @less_console_noise_decorator
- def test_status_fsm_submit_fail(self):
- user, _ = User.objects.get_or_create(username="testy")
- domain_request = DomainRequest.objects.create(creator=user)
-
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
- with less_console_noise():
- with self.assertRaises(ValueError):
- # can't submit a domain request with a null domain name
- domain_request.submit()
-
- @less_console_noise_decorator
- def test_status_fsm_submit_succeed(self):
- user, _ = User.objects.get_or_create(username="testy")
- site = DraftDomain.objects.create(name="igorville.gov")
- domain_request = DomainRequest.objects.create(creator=user, requested_domain=site)
-
- # no email sent to creator so this emits a log warning
-
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
- with less_console_noise():
- domain_request.submit()
- self.assertEqual(domain_request.status, domain_request.DomainRequestStatus.SUBMITTED)
-
- @less_console_noise_decorator
- def check_email_sent(
- self, domain_request, msg, action, expected_count, expected_content=None, expected_email="mayor@igorville.com"
- ):
- """Check if an email was sent after performing an action."""
- email_allowed, _ = AllowedEmail.objects.get_or_create(email=expected_email)
- with self.subTest(msg=msg, action=action):
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
- # Perform the specified action
- action_method = getattr(domain_request, action)
- action_method()
-
- # Check if an email was sent
- sent_emails = [
- email
- for email in MockSESClient.EMAILS_SENT
- if expected_email in email["kwargs"]["Destination"]["ToAddresses"]
- ]
- self.assertEqual(len(sent_emails), expected_count)
-
- if expected_content:
- email_content = sent_emails[0]["kwargs"]["Content"]["Simple"]["Body"]["Text"]["Data"]
- self.assertIn(expected_content, email_content)
-
- email_allowed.delete()
-
- @less_console_noise_decorator
- def test_submit_from_started_sends_email_to_creator(self):
- """tests that we send an email to the creator"""
- msg = "Create a domain request and submit it and see if email was sent when the feature flag is on."
- domain_request = completed_domain_request(user=self.dummy_user_2)
- self.check_email_sent(
- domain_request, msg, "submit", 1, expected_content="Lava", expected_email="intern@igorville.com"
- )
-
- @less_console_noise_decorator
- def test_submit_from_withdrawn_sends_email(self):
- msg = "Create a withdrawn domain request and submit it and see if email was sent."
- user, _ = User.objects.get_or_create(username="testy")
- domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.WITHDRAWN, user=user)
- self.check_email_sent(domain_request, msg, "submit", 1, expected_content="Hi", expected_email=user.email)
-
- @less_console_noise_decorator
- def test_submit_from_action_needed_does_not_send_email(self):
- msg = "Create a domain request with ACTION_NEEDED status and submit it, check if email was not sent."
- domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.ACTION_NEEDED)
- self.check_email_sent(domain_request, msg, "submit", 0)
-
- @less_console_noise_decorator
- def test_submit_from_in_review_does_not_send_email(self):
- msg = "Create a withdrawn domain request and submit it and see if email was sent."
- domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.IN_REVIEW)
- self.check_email_sent(domain_request, msg, "submit", 0)
-
- @less_console_noise_decorator
- def test_approve_sends_email(self):
- msg = "Create a domain request and approve it and see if email was sent."
- user, _ = User.objects.get_or_create(username="testy")
- domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.IN_REVIEW, user=user)
- self.check_email_sent(domain_request, msg, "approve", 1, expected_content="approved", expected_email=user.email)
-
- @less_console_noise_decorator
- def test_withdraw_sends_email(self):
- msg = "Create a domain request and withdraw it and see if email was sent."
- user, _ = User.objects.get_or_create(username="testy")
- domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.IN_REVIEW, user=user)
- self.check_email_sent(
- domain_request, msg, "withdraw", 1, expected_content="withdrawn", expected_email=user.email
- )
-
- @less_console_noise_decorator
- def test_reject_sends_email(self):
- msg = "Create a domain request and reject it and see if email was sent."
- user, _ = User.objects.get_or_create(username="testy")
- domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.APPROVED, user=user)
- self.check_email_sent(domain_request, msg, "reject", 1, expected_content="Hi", expected_email=user.email)
-
- @less_console_noise_decorator
- def test_reject_with_prejudice_does_not_send_email(self):
- msg = "Create a domain request and reject it with prejudice and see if email was sent."
- domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.APPROVED)
- self.check_email_sent(domain_request, msg, "reject_with_prejudice", 0)
-
- @less_console_noise_decorator
- def assert_fsm_transition_raises_error(self, test_cases, method_to_run):
- """Given a list of test cases, check if each transition throws the intended error"""
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client), less_console_noise():
- for domain_request, exception_type in test_cases:
- with self.subTest(domain_request=domain_request, exception_type=exception_type):
- with self.assertRaises(exception_type):
- # Retrieve the method by name from the domain_request object and call it
- method = getattr(domain_request, method_to_run)
- # Call the method
- method()
-
- @less_console_noise_decorator
- def assert_fsm_transition_does_not_raise_error(self, test_cases, method_to_run):
- """Given a list of test cases, ensure that none of them throw transition errors"""
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client), less_console_noise():
- for domain_request, exception_type in test_cases:
- with self.subTest(domain_request=domain_request, exception_type=exception_type):
- try:
- # Retrieve the method by name from the DomainRequest object and call it
- method = getattr(domain_request, method_to_run)
- # Call the method
- method()
- except exception_type:
- self.fail(f"{exception_type} was raised, but it was not expected.")
-
- @less_console_noise_decorator
- def test_submit_transition_allowed_with_no_investigator(self):
- """
- Tests for attempting to transition without an investigator.
- For submit, this should be valid in all cases.
- """
-
- test_cases = [
- (self.started_domain_request, TransitionNotAllowed),
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.withdrawn_domain_request, TransitionNotAllowed),
- ]
-
- # Set all investigators to none
- set_domain_request_investigators(self.all_domain_requests, None)
-
- self.assert_fsm_transition_does_not_raise_error(test_cases, "submit")
-
- @less_console_noise_decorator
- def test_submit_transition_allowed_with_investigator_not_staff(self):
- """
- Tests for attempting to transition with an investigator user that is not staff.
- For submit, this should be valid in all cases.
- """
-
- test_cases = [
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- ]
-
- # Set all investigators to a user with no staff privs
- user, _ = User.objects.get_or_create(username="pancakesyrup", is_staff=False)
- set_domain_request_investigators(self.all_domain_requests, user)
-
- self.assert_fsm_transition_does_not_raise_error(test_cases, "submit")
-
- @less_console_noise_decorator
- def test_submit_transition_allowed(self):
- """
- Test that calling submit from allowable statuses does raises TransitionNotAllowed.
- """
- test_cases = [
- (self.started_domain_request, TransitionNotAllowed),
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.withdrawn_domain_request, TransitionNotAllowed),
- ]
-
- self.assert_fsm_transition_does_not_raise_error(test_cases, "submit")
-
- @less_console_noise_decorator
- def test_submit_transition_allowed_twice(self):
- """
- Test that rotating between submit and in_review doesn't throw an error
- """
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
- try:
- # Make a submission
- self.in_review_domain_request.submit()
-
- # Rerun the old method to get back to the original state
- self.in_review_domain_request.in_review()
-
- # Make another submission
- self.in_review_domain_request.submit()
- except TransitionNotAllowed:
- self.fail("TransitionNotAllowed was raised, but it was not expected.")
-
- self.assertEqual(self.in_review_domain_request.status, DomainRequest.DomainRequestStatus.SUBMITTED)
-
- @less_console_noise_decorator
- def test_submit_transition_not_allowed(self):
- """
- Test that calling submit against transition rules raises TransitionNotAllowed.
- """
- test_cases = [
- (self.submitted_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- (self.ineligible_domain_request, TransitionNotAllowed),
- ]
-
- self.assert_fsm_transition_raises_error(test_cases, "submit")
-
- @less_console_noise_decorator
- def test_in_review_transition_allowed(self):
- """
- Test that calling in_review from allowable statuses does raises TransitionNotAllowed.
- """
- test_cases = [
- (self.submitted_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- (self.ineligible_domain_request, TransitionNotAllowed),
- ]
-
- self.assert_fsm_transition_does_not_raise_error(test_cases, "in_review")
-
- @less_console_noise_decorator
- def test_in_review_transition_not_allowed_with_no_investigator(self):
- """
- Tests for attempting to transition without an investigator
- """
-
- test_cases = [
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- (self.ineligible_domain_request, TransitionNotAllowed),
- ]
-
- # Set all investigators to none
- set_domain_request_investigators(self.all_domain_requests, None)
-
- self.assert_fsm_transition_raises_error(test_cases, "in_review")
-
- @less_console_noise_decorator
- def test_in_review_transition_not_allowed_with_investigator_not_staff(self):
- """
- Tests for attempting to transition with an investigator that is not staff.
- This should throw an exception.
- """
-
- test_cases = [
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- (self.ineligible_domain_request, TransitionNotAllowed),
- ]
-
- # Set all investigators to a user with no staff privs
- user, _ = User.objects.get_or_create(username="pancakesyrup", is_staff=False)
- set_domain_request_investigators(self.all_domain_requests, user)
-
- self.assert_fsm_transition_raises_error(test_cases, "in_review")
-
- @less_console_noise_decorator
- def test_in_review_transition_not_allowed(self):
- """
- Test that calling in_review against transition rules raises TransitionNotAllowed.
- """
- test_cases = [
- (self.started_domain_request, TransitionNotAllowed),
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.withdrawn_domain_request, TransitionNotAllowed),
- ]
-
- self.assert_fsm_transition_raises_error(test_cases, "in_review")
-
- @less_console_noise_decorator
- def test_action_needed_transition_allowed(self):
- """
- Test that calling action_needed from allowable statuses does raises TransitionNotAllowed.
- """
- test_cases = [
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- (self.ineligible_domain_request, TransitionNotAllowed),
- ]
-
- self.assert_fsm_transition_does_not_raise_error(test_cases, "action_needed")
-
- @less_console_noise_decorator
- def test_action_needed_transition_not_allowed_with_no_investigator(self):
- """
- Tests for attempting to transition without an investigator
- """
-
- test_cases = [
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- (self.ineligible_domain_request, TransitionNotAllowed),
- ]
-
- # Set all investigators to none
- set_domain_request_investigators(self.all_domain_requests, None)
-
- self.assert_fsm_transition_raises_error(test_cases, "action_needed")
-
- @less_console_noise_decorator
- def test_action_needed_transition_not_allowed_with_investigator_not_staff(self):
- """
- Tests for attempting to transition with an investigator that is not staff
- """
-
- test_cases = [
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- (self.ineligible_domain_request, TransitionNotAllowed),
- ]
-
- # Set all investigators to a user with no staff privs
- user, _ = User.objects.get_or_create(username="pancakesyrup", is_staff=False)
- set_domain_request_investigators(self.all_domain_requests, user)
-
- self.assert_fsm_transition_raises_error(test_cases, "action_needed")
-
- @less_console_noise_decorator
- def test_action_needed_transition_not_allowed(self):
- """
- Test that calling action_needed against transition rules raises TransitionNotAllowed.
- """
- test_cases = [
- (self.started_domain_request, TransitionNotAllowed),
- (self.submitted_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.withdrawn_domain_request, TransitionNotAllowed),
- ]
-
- self.assert_fsm_transition_raises_error(test_cases, "action_needed")
-
- @less_console_noise_decorator
- def test_approved_transition_allowed(self):
- """
- Test that calling action_needed from allowable statuses does raises TransitionNotAllowed.
- """
- test_cases = [
- (self.submitted_domain_request, TransitionNotAllowed),
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- ]
-
- self.assert_fsm_transition_does_not_raise_error(test_cases, "approve")
-
- @less_console_noise_decorator
- def test_approved_transition_not_allowed_with_no_investigator(self):
- """
- Tests for attempting to transition without an investigator
- """
-
- test_cases = [
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- ]
-
- # Set all investigators to none
- set_domain_request_investigators(self.all_domain_requests, None)
-
- self.assert_fsm_transition_raises_error(test_cases, "approve")
-
- @less_console_noise_decorator
- def test_approved_transition_not_allowed_with_investigator_not_staff(self):
- """
- Tests for attempting to transition with an investigator that is not staff
- """
-
- test_cases = [
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- ]
-
- # Set all investigators to a user with no staff privs
- user, _ = User.objects.get_or_create(username="pancakesyrup", is_staff=False)
- set_domain_request_investigators(self.all_domain_requests, user)
-
- self.assert_fsm_transition_raises_error(test_cases, "approve")
-
- @less_console_noise_decorator
- def test_approved_skips_sending_email(self):
- """
- Test that calling .approve with send_email=False doesn't actually send
- an email
- """
-
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
- self.submitted_domain_request.approve(send_email=False)
-
- # Assert that no emails were sent
- self.assertEqual(len(self.mock_client.EMAILS_SENT), 0)
-
- @less_console_noise_decorator
- def test_approved_transition_not_allowed(self):
- """
- Test that calling action_needed against transition rules raises TransitionNotAllowed.
- """
- test_cases = [
- (self.started_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- (self.withdrawn_domain_request, TransitionNotAllowed),
- (self.ineligible_domain_request, TransitionNotAllowed),
- ]
- self.assert_fsm_transition_raises_error(test_cases, "approve")
-
- @less_console_noise_decorator
- def test_withdraw_transition_allowed(self):
- """
- Test that calling action_needed from allowable statuses does raises TransitionNotAllowed.
- """
- test_cases = [
- (self.submitted_domain_request, TransitionNotAllowed),
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- ]
-
- self.assert_fsm_transition_does_not_raise_error(test_cases, "withdraw")
-
- @less_console_noise_decorator
- def test_withdraw_transition_allowed_with_no_investigator(self):
- """
- Tests for attempting to transition without an investigator.
- For withdraw, this should be valid in all cases.
- """
-
- test_cases = [
- (self.submitted_domain_request, TransitionNotAllowed),
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- ]
-
- # Set all investigators to none
- set_domain_request_investigators(self.all_domain_requests, None)
-
- self.assert_fsm_transition_does_not_raise_error(test_cases, "withdraw")
-
- @less_console_noise_decorator
- def test_withdraw_transition_allowed_with_investigator_not_staff(self):
- """
- Tests for attempting to transition when investigator is not staff.
- For withdraw, this should be valid in all cases.
- """
-
- test_cases = [
- (self.submitted_domain_request, TransitionNotAllowed),
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- ]
-
- # Set all investigators to a user with no staff privs
- user, _ = User.objects.get_or_create(username="pancakesyrup", is_staff=False)
- set_domain_request_investigators(self.all_domain_requests, user)
-
- self.assert_fsm_transition_does_not_raise_error(test_cases, "withdraw")
-
- @less_console_noise_decorator
- def test_withdraw_transition_not_allowed(self):
- """
- Test that calling action_needed against transition rules raises TransitionNotAllowed.
- """
- test_cases = [
- (self.started_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- (self.withdrawn_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- (self.ineligible_domain_request, TransitionNotAllowed),
- ]
-
- self.assert_fsm_transition_raises_error(test_cases, "withdraw")
-
- @less_console_noise_decorator
- def test_reject_transition_allowed(self):
- """
- Test that calling action_needed from allowable statuses does raises TransitionNotAllowed.
- """
- test_cases = [
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- ]
-
- self.assert_fsm_transition_does_not_raise_error(test_cases, "reject")
-
- @less_console_noise_decorator
- def test_reject_transition_not_allowed_with_no_investigator(self):
- """
- Tests for attempting to transition without an investigator
- """
-
- test_cases = [
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- ]
-
- # Set all investigators to none
- set_domain_request_investigators(self.all_domain_requests, None)
-
- self.assert_fsm_transition_raises_error(test_cases, "reject")
-
- @less_console_noise_decorator
- def test_reject_transition_not_allowed_with_investigator_not_staff(self):
- """
- Tests for attempting to transition when investigator is not staff
- """
-
- test_cases = [
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- ]
-
- # Set all investigators to a user with no staff privs
- user, _ = User.objects.get_or_create(username="pancakesyrup", is_staff=False)
- set_domain_request_investigators(self.all_domain_requests, user)
-
- self.assert_fsm_transition_raises_error(test_cases, "reject")
-
- @less_console_noise_decorator
- def test_reject_transition_not_allowed(self):
- """
- Test that calling action_needed against transition rules raises TransitionNotAllowed.
- """
- test_cases = [
- (self.started_domain_request, TransitionNotAllowed),
- (self.submitted_domain_request, TransitionNotAllowed),
- (self.withdrawn_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- (self.ineligible_domain_request, TransitionNotAllowed),
- ]
-
- self.assert_fsm_transition_raises_error(test_cases, "reject")
-
- @less_console_noise_decorator
- def test_reject_with_prejudice_transition_allowed(self):
- """
- Test that calling action_needed from allowable statuses does raises TransitionNotAllowed.
- """
- test_cases = [
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- ]
-
- self.assert_fsm_transition_does_not_raise_error(test_cases, "reject_with_prejudice")
-
- @less_console_noise_decorator
- def test_reject_with_prejudice_transition_not_allowed_with_no_investigator(self):
- """
- Tests for attempting to transition without an investigator
- """
-
- test_cases = [
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- ]
-
- # Set all investigators to none
- set_domain_request_investigators(self.all_domain_requests, None)
-
- self.assert_fsm_transition_raises_error(test_cases, "reject_with_prejudice")
-
- @less_console_noise_decorator
- def test_reject_with_prejudice_not_allowed_with_investigator_not_staff(self):
- """
- Tests for attempting to transition when investigator is not staff
- """
-
- test_cases = [
- (self.in_review_domain_request, TransitionNotAllowed),
- (self.action_needed_domain_request, TransitionNotAllowed),
- (self.approved_domain_request, TransitionNotAllowed),
- (self.rejected_domain_request, TransitionNotAllowed),
- ]
-
- # Set all investigators to a user with no staff privs
- user, _ = User.objects.get_or_create(username="pancakesyrup", is_staff=False)
- set_domain_request_investigators(self.all_domain_requests, user)
-
- self.assert_fsm_transition_raises_error(test_cases, "reject_with_prejudice")
-
- @less_console_noise_decorator
- def test_reject_with_prejudice_transition_not_allowed(self):
- """
- Test that calling action_needed against transition rules raises TransitionNotAllowed.
- """
- test_cases = [
- (self.started_domain_request, TransitionNotAllowed),
- (self.submitted_domain_request, TransitionNotAllowed),
- (self.withdrawn_domain_request, TransitionNotAllowed),
- (self.ineligible_domain_request, TransitionNotAllowed),
- ]
-
- self.assert_fsm_transition_raises_error(test_cases, "reject_with_prejudice")
-
- @less_console_noise_decorator
- def test_transition_not_allowed_approved_in_review_when_domain_is_active(self):
- """Create a domain request with status approved, create a matching domain that
- is active, and call in_review against transition rules"""
-
- domain = Domain.objects.create(name=self.approved_domain_request.requested_domain.name)
- self.approved_domain_request.approved_domain = domain
- self.approved_domain_request.save()
-
- # Define a custom implementation for is_active
- def custom_is_active(self):
- return True # Override to return True
-
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
- # Use patch to temporarily replace is_active with the custom implementation
- with patch.object(Domain, "is_active", custom_is_active):
- # Now, when you call is_active on Domain, it will return True
- with self.assertRaises(TransitionNotAllowed):
- self.approved_domain_request.in_review()
-
- @less_console_noise_decorator
- def test_transition_not_allowed_approved_action_needed_when_domain_is_active(self):
- """Create a domain request with status approved, create a matching domain that
- is active, and call action_needed against transition rules"""
-
- domain = Domain.objects.create(name=self.approved_domain_request.requested_domain.name)
- self.approved_domain_request.approved_domain = domain
- self.approved_domain_request.save()
-
- # Define a custom implementation for is_active
- def custom_is_active(self):
- return True # Override to return True
-
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
- # Use patch to temporarily replace is_active with the custom implementation
- with patch.object(Domain, "is_active", custom_is_active):
- # Now, when you call is_active on Domain, it will return True
- with self.assertRaises(TransitionNotAllowed):
- self.approved_domain_request.action_needed()
-
- @less_console_noise_decorator
- def test_transition_not_allowed_approved_rejected_when_domain_is_active(self):
- """Create a domain request with status approved, create a matching domain that
- is active, and call reject against transition rules"""
-
- domain = Domain.objects.create(name=self.approved_domain_request.requested_domain.name)
- self.approved_domain_request.approved_domain = domain
- self.approved_domain_request.save()
-
- # Define a custom implementation for is_active
- def custom_is_active(self):
- return True # Override to return True
-
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
- # Use patch to temporarily replace is_active with the custom implementation
- with patch.object(Domain, "is_active", custom_is_active):
- # Now, when you call is_active on Domain, it will return True
- with self.assertRaises(TransitionNotAllowed):
- self.approved_domain_request.reject()
-
- @less_console_noise_decorator
- def test_transition_not_allowed_approved_ineligible_when_domain_is_active(self):
- """Create a domain request with status approved, create a matching domain that
- is active, and call reject_with_prejudice against transition rules"""
-
- domain = Domain.objects.create(name=self.approved_domain_request.requested_domain.name)
- self.approved_domain_request.approved_domain = domain
- self.approved_domain_request.save()
-
- # Define a custom implementation for is_active
- def custom_is_active(self):
- return True # Override to return True
-
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
- # Use patch to temporarily replace is_active with the custom implementation
- with patch.object(Domain, "is_active", custom_is_active):
- # Now, when you call is_active on Domain, it will return True
- with self.assertRaises(TransitionNotAllowed):
- self.approved_domain_request.reject_with_prejudice()
-
- @less_console_noise_decorator
- def test_approve_from_rejected_clears_rejection_reason(self):
- """When transitioning from rejected to approved on a domain request,
- the rejection_reason is cleared."""
-
- # Create a sample domain request
- domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.REJECTED)
- domain_request.rejection_reason = DomainRequest.RejectionReasons.DOMAIN_PURPOSE
-
- # Approve
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
- domain_request.approve()
-
- self.assertEqual(domain_request.status, DomainRequest.DomainRequestStatus.APPROVED)
- self.assertEqual(domain_request.rejection_reason, None)
-
- @less_console_noise_decorator
- def test_in_review_from_rejected_clears_rejection_reason(self):
- """When transitioning from rejected to in_review on a domain request,
- the rejection_reason is cleared."""
-
- # Create a sample domain request
- domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.REJECTED)
- domain_request.domain_is_not_active = True
- domain_request.rejection_reason = DomainRequest.RejectionReasons.DOMAIN_PURPOSE
-
- # Approve
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
- domain_request.in_review()
-
- self.assertEqual(domain_request.status, DomainRequest.DomainRequestStatus.IN_REVIEW)
- self.assertEqual(domain_request.rejection_reason, None)
-
- @less_console_noise_decorator
- def test_action_needed_from_rejected_clears_rejection_reason(self):
- """When transitioning from rejected to action_needed on a domain request,
- the rejection_reason is cleared."""
-
- # Create a sample domain request
- domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.REJECTED)
- domain_request.domain_is_not_active = True
- domain_request.rejection_reason = DomainRequest.RejectionReasons.DOMAIN_PURPOSE
-
- # Approve
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
- domain_request.action_needed()
-
- self.assertEqual(domain_request.status, DomainRequest.DomainRequestStatus.ACTION_NEEDED)
- self.assertEqual(domain_request.rejection_reason, None)
-
- @less_console_noise_decorator
- def test_has_rationale_returns_true(self):
- """has_rationale() returns true when a domain request has no_other_contacts_rationale"""
- self.started_domain_request.no_other_contacts_rationale = "You talkin' to me?"
- self.started_domain_request.save()
- self.assertEquals(self.started_domain_request.has_rationale(), True)
-
- @less_console_noise_decorator
- def test_has_rationale_returns_false(self):
- """has_rationale() returns false when a domain request has no no_other_contacts_rationale"""
- self.assertEquals(self.started_domain_request.has_rationale(), False)
-
- @less_console_noise_decorator
- def test_has_other_contacts_returns_true(self):
- """has_other_contacts() returns true when a domain request has other_contacts"""
- # completed_domain_request has other contacts by default
- self.assertEquals(self.started_domain_request.has_other_contacts(), True)
-
- @less_console_noise_decorator
- def test_has_other_contacts_returns_false(self):
- """has_other_contacts() returns false when a domain request has no other_contacts"""
- domain_request = completed_domain_request(
- status=DomainRequest.DomainRequestStatus.STARTED, name="no-others.gov", has_other_contacts=False
- )
- self.assertEquals(domain_request.has_other_contacts(), False)
-
-
-class TestPermissions(TestCase):
- """Test the User-Domain-Role connection."""
-
- def setUp(self):
- super().setUp()
- self.mock_client = MockSESClient()
-
- def tearDown(self):
- super().tearDown()
- self.mock_client.EMAILS_SENT.clear()
-
- @boto3_mocking.patching
- @less_console_noise_decorator
- def test_approval_creates_role(self):
- draft_domain, _ = DraftDomain.objects.get_or_create(name="igorville.gov")
- user, _ = User.objects.get_or_create()
- investigator, _ = User.objects.get_or_create(username="frenchtoast", is_staff=True)
- domain_request = DomainRequest.objects.create(
- creator=user, requested_domain=draft_domain, investigator=investigator
- )
-
- with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
- # skip using the submit method
- domain_request.status = DomainRequest.DomainRequestStatus.SUBMITTED
- domain_request.approve()
-
- # should be a role for this user
- domain = Domain.objects.get(name="igorville.gov")
- self.assertTrue(UserDomainRole.objects.get(user=user, domain=domain))
-
-
class TestDomainInformation(TestCase):
"""Test the DomainInformation model, when approved or otherwise"""
@@ -1176,12 +152,15 @@ class TestPortfolioInvitations(TestCase):
self.invitation, _ = PortfolioInvitation.objects.get_or_create(
email=self.email,
portfolio=self.portfolio,
- portfolio_roles=[self.portfolio_role_base, self.portfolio_role_admin],
- portfolio_additional_permissions=[self.portfolio_permission_1, self.portfolio_permission_2],
+ roles=[self.portfolio_role_base, self.portfolio_role_admin],
+ additional_permissions=[self.portfolio_permission_1, self.portfolio_permission_2],
)
def tearDown(self):
super().tearDown()
+ DomainInvitation.objects.all().delete()
+ DomainInformation.objects.all().delete()
+ Domain.objects.all().delete()
UserPortfolioPermission.objects.all().delete()
Portfolio.objects.all().delete()
PortfolioInvitation.objects.all().delete()
@@ -1233,8 +212,8 @@ class TestPortfolioInvitations(TestCase):
PortfolioInvitation.objects.get_or_create(
email=self.email,
portfolio=portfolio2,
- portfolio_roles=[self.portfolio_role_base, self.portfolio_role_admin],
- portfolio_additional_permissions=[self.portfolio_permission_1, self.portfolio_permission_2],
+ roles=[self.portfolio_role_base, self.portfolio_role_admin],
+ additional_permissions=[self.portfolio_permission_1, self.portfolio_permission_2],
)
with override_flag("multiple_portfolios", active=True):
self.user.check_portfolio_invitations_on_login()
@@ -1257,8 +236,8 @@ class TestPortfolioInvitations(TestCase):
PortfolioInvitation.objects.get_or_create(
email=self.email,
portfolio=portfolio2,
- portfolio_roles=[self.portfolio_role_base, self.portfolio_role_admin],
- portfolio_additional_permissions=[self.portfolio_permission_1, self.portfolio_permission_2],
+ roles=[self.portfolio_role_base, self.portfolio_role_admin],
+ additional_permissions=[self.portfolio_permission_1, self.portfolio_permission_2],
)
self.user.check_portfolio_invitations_on_login()
self.user.refresh_from_db()
@@ -1269,6 +248,52 @@ class TestPortfolioInvitations(TestCase):
updated_invitation2, _ = PortfolioInvitation.objects.get_or_create(email=self.email, portfolio=portfolio2)
self.assertEqual(updated_invitation2.status, PortfolioInvitation.PortfolioInvitationStatus.INVITED)
+ @less_console_noise_decorator
+ def test_get_managed_domains_count(self):
+ """Test that the correct number of domains, which are associated with the portfolio and
+ have invited the email of the portfolio invitation, are returned."""
+ # Add three domains, one which is in the portfolio and email is invited to,
+ # one which is in the portfolio and email is not invited to,
+ # and one which is email is invited to and not in the portfolio.
+ # Arrange
+ # domain_in_portfolio should not be included in the count
+ domain_in_portfolio, _ = Domain.objects.get_or_create(name="domain_in_portfolio.gov", state=Domain.State.READY)
+ DomainInformation.objects.get_or_create(creator=self.user, domain=domain_in_portfolio, portfolio=self.portfolio)
+ # domain_in_portfolio_and_invited should be included in the count
+ domain_in_portfolio_and_invited, _ = Domain.objects.get_or_create(
+ name="domain_in_portfolio_and_invited.gov", state=Domain.State.READY
+ )
+ DomainInformation.objects.get_or_create(
+ creator=self.user, domain=domain_in_portfolio_and_invited, portfolio=self.portfolio
+ )
+ DomainInvitation.objects.get_or_create(email=self.email, domain=domain_in_portfolio_and_invited)
+ # domain_invited should not be included in the count
+ domain_invited, _ = Domain.objects.get_or_create(name="domain_invited.gov", state=Domain.State.READY)
+ DomainInformation.objects.get_or_create(creator=self.user, domain=domain_invited)
+ DomainInvitation.objects.get_or_create(email=self.email, domain=domain_invited)
+
+ # Assert
+ self.assertEqual(self.invitation.get_managed_domains_count(), 1)
+
+ @less_console_noise_decorator
+ def test_get_portfolio_permissions(self):
+ """Test that get_portfolio_permissions returns the expected list of permissions,
+ based on the roles and permissions assigned to the invitation."""
+ # Arrange
+ test_permission_list = set()
+ # add the arrays that are defined in UserPortfolioPermission for member and admin
+ test_permission_list.update(
+ UserPortfolioPermission.PORTFOLIO_ROLE_PERMISSIONS.get(UserPortfolioRoleChoices.ORGANIZATION_MEMBER, [])
+ )
+ test_permission_list.update(
+ UserPortfolioPermission.PORTFOLIO_ROLE_PERMISSIONS.get(UserPortfolioRoleChoices.ORGANIZATION_ADMIN, [])
+ )
+ # add the permissions that are added to the invitation as additional_permissions
+ test_permission_list.update([self.portfolio_permission_1, self.portfolio_permission_2])
+ perm_list = list(test_permission_list)
+ # Verify
+ self.assertEquals(self.invitation.get_portfolio_permissions(), perm_list)
+
class TestUserPortfolioPermission(TestCase):
@less_console_noise_decorator
@@ -1338,6 +363,40 @@ class TestUserPortfolioPermission(TestCase):
),
)
+ @less_console_noise_decorator
+ def test_get_managed_domains_count(self):
+ """Test that the correct number of managed domains associated with the portfolio
+ are returned."""
+ # Add three domains, one which is in the portfolio and managed by the user,
+ # one which is in the portfolio and not managed by the user,
+ # and one which is managed by the user and not in the portfolio.
+ # Arrange
+ portfolio, _ = Portfolio.objects.get_or_create(creator=self.user, organization_name="Hotel California")
+ test_user = create_test_user()
+ portfolio_permission, _ = UserPortfolioPermission.objects.get_or_create(
+ portfolio=portfolio, user=test_user, roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+ )
+ # domain_in_portfolio should not be included in the count
+ domain_in_portfolio, _ = Domain.objects.get_or_create(name="domain_in_portfolio.gov", state=Domain.State.READY)
+ DomainInformation.objects.get_or_create(creator=self.user, domain=domain_in_portfolio, portfolio=portfolio)
+ # domain_in_portfolio_and_managed should be included in the count
+ domain_in_portfolio_and_managed, _ = Domain.objects.get_or_create(
+ name="domain_in_portfolio_and_managed.gov", state=Domain.State.READY
+ )
+ DomainInformation.objects.get_or_create(
+ creator=self.user, domain=domain_in_portfolio_and_managed, portfolio=portfolio
+ )
+ UserDomainRole.objects.get_or_create(
+ user=test_user, domain=domain_in_portfolio_and_managed, role=UserDomainRole.Roles.MANAGER
+ )
+ # domain_managed should not be included in the count
+ domain_managed, _ = Domain.objects.get_or_create(name="domain_managed.gov", state=Domain.State.READY)
+ DomainInformation.objects.get_or_create(creator=self.user, domain=domain_managed)
+ UserDomainRole.objects.get_or_create(user=test_user, domain=domain_managed, role=UserDomainRole.Roles.MANAGER)
+
+ # Assert
+ self.assertEqual(portfolio_permission.get_managed_domains_count(), 1)
+
class TestUser(TestCase):
"""Test actions that occur on user login,
diff --git a/src/registrar/tests/test_models_requests.py b/src/registrar/tests/test_models_requests.py
new file mode 100644
index 000000000..2d2c615d7
--- /dev/null
+++ b/src/registrar/tests/test_models_requests.py
@@ -0,0 +1,1047 @@
+from django.test import TestCase
+from django.db.utils import IntegrityError
+from django.db import transaction
+from unittest.mock import patch
+
+
+from registrar.models import (
+ Contact,
+ DomainRequest,
+ DomainInformation,
+ User,
+ Website,
+ Domain,
+ DraftDomain,
+ FederalAgency,
+ AllowedEmail,
+)
+
+import boto3_mocking
+from registrar.utility.constants import BranchChoices
+from registrar.utility.errors import FSMDomainRequestError
+
+from .common import (
+ MockSESClient,
+ less_console_noise,
+ completed_domain_request,
+ set_domain_request_investigators,
+)
+from django_fsm import TransitionNotAllowed
+
+from api.tests.common import less_console_noise_decorator
+
+
+@boto3_mocking.patching
+class TestDomainRequest(TestCase):
+ @less_console_noise_decorator
+ def setUp(self):
+
+ self.dummy_user, _ = Contact.objects.get_or_create(
+ email="mayor@igorville.com", first_name="Hello", last_name="World"
+ )
+ self.dummy_user_2, _ = User.objects.get_or_create(
+ username="intern@igorville.com", email="intern@igorville.com", first_name="Lava", last_name="World"
+ )
+ self.started_domain_request = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.STARTED,
+ name="started.gov",
+ )
+ self.submitted_domain_request = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.SUBMITTED,
+ name="submitted.gov",
+ )
+ self.in_review_domain_request = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.IN_REVIEW,
+ name="in-review.gov",
+ )
+ self.action_needed_domain_request = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.ACTION_NEEDED,
+ name="action-needed.gov",
+ )
+ self.approved_domain_request = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.APPROVED,
+ name="approved.gov",
+ )
+ self.withdrawn_domain_request = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.WITHDRAWN,
+ name="withdrawn.gov",
+ )
+ self.rejected_domain_request = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.REJECTED,
+ name="rejected.gov",
+ )
+ self.ineligible_domain_request = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.INELIGIBLE,
+ name="ineligible.gov",
+ )
+
+ # Store all domain request statuses in a variable for ease of use
+ self.all_domain_requests = [
+ self.started_domain_request,
+ self.submitted_domain_request,
+ self.in_review_domain_request,
+ self.action_needed_domain_request,
+ self.approved_domain_request,
+ self.withdrawn_domain_request,
+ self.rejected_domain_request,
+ self.ineligible_domain_request,
+ ]
+
+ self.mock_client = MockSESClient()
+
+ def tearDown(self):
+ super().tearDown()
+ DomainInformation.objects.all().delete()
+ DomainRequest.objects.all().delete()
+ DraftDomain.objects.all().delete()
+ Domain.objects.all().delete()
+ User.objects.all().delete()
+ self.mock_client.EMAILS_SENT.clear()
+
+ def assertNotRaises(self, exception_type):
+ """Helper method for testing allowed transitions."""
+ with less_console_noise():
+ return self.assertRaises(Exception, None, exception_type)
+
+ @less_console_noise_decorator
+ def test_request_is_withdrawable(self):
+ """Tests the is_withdrawable function"""
+ domain_request_1 = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.SUBMITTED,
+ name="city2.gov",
+ )
+ domain_request_2 = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.IN_REVIEW,
+ name="city3.gov",
+ )
+ domain_request_3 = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.ACTION_NEEDED,
+ name="city4.gov",
+ )
+ domain_request_4 = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.REJECTED,
+ name="city5.gov",
+ )
+ self.assertTrue(domain_request_1.is_withdrawable())
+ self.assertTrue(domain_request_2.is_withdrawable())
+ self.assertTrue(domain_request_3.is_withdrawable())
+ self.assertFalse(domain_request_4.is_withdrawable())
+
+ @less_console_noise_decorator
+ def test_request_is_awaiting_review(self):
+ """Tests the is_awaiting_review function"""
+ domain_request_1 = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.SUBMITTED,
+ name="city2.gov",
+ )
+ domain_request_2 = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.IN_REVIEW,
+ name="city3.gov",
+ )
+ domain_request_3 = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.ACTION_NEEDED,
+ name="city4.gov",
+ )
+ domain_request_4 = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.REJECTED,
+ name="city5.gov",
+ )
+ self.assertTrue(domain_request_1.is_awaiting_review())
+ self.assertTrue(domain_request_2.is_awaiting_review())
+ self.assertFalse(domain_request_3.is_awaiting_review())
+ self.assertFalse(domain_request_4.is_awaiting_review())
+
+ @less_console_noise_decorator
+ def test_federal_agency_set_to_non_federal_on_approve(self):
+ """Ensures that when the federal_agency field is 'none' when .approve() is called,
+ the field is set to the 'Non-Federal Agency' record"""
+ domain_request = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.IN_REVIEW,
+ name="city2.gov",
+ federal_agency=None,
+ )
+
+ # Ensure that the federal agency is None
+ self.assertEqual(domain_request.federal_agency, None)
+
+ # Approve the request
+ domain_request.approve()
+ self.assertEqual(domain_request.status, DomainRequest.DomainRequestStatus.APPROVED)
+
+ # After approval, it should be "Non-Federal agency"
+ expected_federal_agency = FederalAgency.objects.filter(agency="Non-Federal Agency").first()
+ self.assertEqual(domain_request.federal_agency, expected_federal_agency)
+
+ def test_empty_create_fails(self):
+ """Can't create a completely empty domain request."""
+ with less_console_noise():
+ with transaction.atomic():
+ with self.assertRaisesRegex(IntegrityError, "creator"):
+ DomainRequest.objects.create()
+
+ @less_console_noise_decorator
+ def test_minimal_create(self):
+ """Can create with just a creator."""
+ user, _ = User.objects.get_or_create(username="testy")
+ domain_request = DomainRequest.objects.create(creator=user)
+ self.assertEqual(domain_request.status, DomainRequest.DomainRequestStatus.STARTED)
+
+ @less_console_noise_decorator
+ def test_full_create(self):
+ """Can create with all fields."""
+ user, _ = User.objects.get_or_create(username="testy")
+ contact = Contact.objects.create()
+ com_website, _ = Website.objects.get_or_create(website="igorville.com")
+ gov_website, _ = Website.objects.get_or_create(website="igorville.gov")
+ domain, _ = DraftDomain.objects.get_or_create(name="igorville.gov")
+ domain_request = DomainRequest.objects.create(
+ creator=user,
+ investigator=user,
+ generic_org_type=DomainRequest.OrganizationChoices.FEDERAL,
+ federal_type=BranchChoices.EXECUTIVE,
+ is_election_board=False,
+ organization_name="Test",
+ address_line1="100 Main St.",
+ address_line2="APT 1A",
+ state_territory="CA",
+ zipcode="12345-6789",
+ senior_official=contact,
+ requested_domain=domain,
+ purpose="Igorville rules!",
+ anything_else="All of Igorville loves the dotgov program.",
+ is_policy_acknowledged=True,
+ )
+ domain_request.current_websites.add(com_website)
+ domain_request.alternative_domains.add(gov_website)
+ domain_request.other_contacts.add(contact)
+ domain_request.save()
+
+ @less_console_noise_decorator
+ def test_domain_info(self):
+ """Can create domain info with all fields."""
+ user, _ = User.objects.get_or_create(username="testy")
+ contact = Contact.objects.create()
+ domain, _ = Domain.objects.get_or_create(name="igorville.gov")
+ information = DomainInformation.objects.create(
+ creator=user,
+ generic_org_type=DomainInformation.OrganizationChoices.FEDERAL,
+ federal_type=BranchChoices.EXECUTIVE,
+ is_election_board=False,
+ organization_name="Test",
+ address_line1="100 Main St.",
+ address_line2="APT 1A",
+ state_territory="CA",
+ zipcode="12345-6789",
+ senior_official=contact,
+ purpose="Igorville rules!",
+ anything_else="All of Igorville loves the dotgov program.",
+ is_policy_acknowledged=True,
+ domain=domain,
+ )
+ information.other_contacts.add(contact)
+ information.save()
+ self.assertEqual(information.domain.id, domain.id)
+ self.assertEqual(information.id, domain.domain_info.id)
+
+ @less_console_noise_decorator
+ def test_status_fsm_submit_fail(self):
+ user, _ = User.objects.get_or_create(username="testy")
+ domain_request = DomainRequest.objects.create(creator=user)
+
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
+ with less_console_noise():
+ with self.assertRaises(ValueError):
+ # can't submit a domain request with a null domain name
+ domain_request.submit()
+
+ @less_console_noise_decorator
+ def test_status_fsm_submit_succeed(self):
+ user, _ = User.objects.get_or_create(username="testy")
+ site = DraftDomain.objects.create(name="igorville.gov")
+ domain_request = DomainRequest.objects.create(creator=user, requested_domain=site)
+
+ # no email sent to creator so this emits a log warning
+
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
+ with less_console_noise():
+ domain_request.submit()
+ self.assertEqual(domain_request.status, domain_request.DomainRequestStatus.SUBMITTED)
+
+ def check_email_sent(
+ self, domain_request, msg, action, expected_count, expected_content=None, expected_email="mayor@igorville.com"
+ ):
+ """Check if an email was sent after performing an action."""
+ email_allowed, _ = AllowedEmail.objects.get_or_create(email=expected_email)
+ with self.subTest(msg=msg, action=action):
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
+ # Perform the specified action
+ action_method = getattr(domain_request, action)
+ action_method()
+ domain_request.save()
+
+ # Check if an email was sent
+ sent_emails = [
+ email
+ for email in MockSESClient.EMAILS_SENT
+ if expected_email in email["kwargs"]["Destination"]["ToAddresses"]
+ ]
+ self.assertEqual(len(sent_emails), expected_count)
+
+ if expected_content:
+ email_content = sent_emails[0]["kwargs"]["Content"]["Simple"]["Body"]["Text"]["Data"]
+ self.assertIn(expected_content, email_content)
+
+ email_allowed.delete()
+
+ @less_console_noise_decorator
+ def test_submit_from_started_sends_email_to_creator(self):
+ """tests that we send an email to the creator"""
+ msg = "Create a domain request and submit it and see if email was sent when the feature flag is on."
+ domain_request = completed_domain_request(user=self.dummy_user_2)
+ self.check_email_sent(
+ domain_request, msg, "submit", 1, expected_content="Lava", expected_email="intern@igorville.com"
+ )
+
+ @less_console_noise_decorator
+ def test_submit_from_withdrawn_sends_email(self):
+ msg = "Create a withdrawn domain request and submit it and see if email was sent."
+ user, _ = User.objects.get_or_create(username="testy")
+ domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.WITHDRAWN, user=user)
+ self.check_email_sent(domain_request, msg, "submit", 1, expected_content="Hi", expected_email=user.email)
+
+ @less_console_noise_decorator
+ def test_submit_from_action_needed_does_not_send_email(self):
+ msg = "Create a domain request with ACTION_NEEDED status and submit it, check if email was not sent."
+ domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.ACTION_NEEDED)
+ self.check_email_sent(domain_request, msg, "submit", 0)
+
+ @less_console_noise_decorator
+ def test_submit_from_in_review_does_not_send_email(self):
+ msg = "Create a withdrawn domain request and submit it and see if email was sent."
+ domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.IN_REVIEW)
+ self.check_email_sent(domain_request, msg, "submit", 0)
+
+ @less_console_noise_decorator
+ def test_approve_sends_email(self):
+ msg = "Create a domain request and approve it and see if email was sent."
+ user, _ = User.objects.get_or_create(username="testy")
+ domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.IN_REVIEW, user=user)
+ self.check_email_sent(domain_request, msg, "approve", 1, expected_content="approved", expected_email=user.email)
+
+ @less_console_noise_decorator
+ def test_withdraw_sends_email(self):
+ msg = "Create a domain request and withdraw it and see if email was sent."
+ user, _ = User.objects.get_or_create(username="testy")
+ domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.IN_REVIEW, user=user)
+ self.check_email_sent(
+ domain_request, msg, "withdraw", 1, expected_content="withdrawn", expected_email=user.email
+ )
+
+ def test_reject_sends_email(self):
+ "Create a domain request and reject it and see if email was sent."
+ user, _ = User.objects.get_or_create(username="testy")
+ domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.APPROVED, user=user)
+ expected_email = user.email
+ email_allowed, _ = AllowedEmail.objects.get_or_create(email=expected_email)
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
+ domain_request.reject()
+ domain_request.rejection_reason = domain_request.RejectionReasons.CONTACTS_NOT_VERIFIED
+ domain_request.rejection_reason_email = "test"
+ domain_request.save()
+
+ # Check if an email was sent
+ sent_emails = [
+ email
+ for email in MockSESClient.EMAILS_SENT
+ if expected_email in email["kwargs"]["Destination"]["ToAddresses"]
+ ]
+ self.assertEqual(len(sent_emails), 1)
+
+ email_content = sent_emails[0]["kwargs"]["Content"]["Simple"]["Body"]["Text"]["Data"]
+ self.assertIn("test", email_content)
+
+ email_allowed.delete()
+
+ @less_console_noise_decorator
+ def test_reject_with_prejudice_does_not_send_email(self):
+ msg = "Create a domain request and reject it with prejudice and see if email was sent."
+ domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.APPROVED)
+ self.check_email_sent(domain_request, msg, "reject_with_prejudice", 0)
+
+ @less_console_noise_decorator
+ def assert_fsm_transition_raises_error(self, test_cases, method_to_run):
+ """Given a list of test cases, check if each transition throws the intended error"""
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client), less_console_noise():
+ for domain_request, exception_type in test_cases:
+ with self.subTest(domain_request=domain_request, exception_type=exception_type):
+ with self.assertRaises(exception_type):
+ # Retrieve the method by name from the domain_request object and call it
+ method = getattr(domain_request, method_to_run)
+ # Call the method
+ method()
+
+ @less_console_noise_decorator
+ def assert_fsm_transition_does_not_raise_error(self, test_cases, method_to_run):
+ """Given a list of test cases, ensure that none of them throw transition errors"""
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client), less_console_noise():
+ for domain_request, exception_type in test_cases:
+ with self.subTest(domain_request=domain_request, exception_type=exception_type):
+ try:
+ # Retrieve the method by name from the DomainRequest object and call it
+ method = getattr(domain_request, method_to_run)
+ # Call the method
+ method()
+ except exception_type:
+ self.fail(f"{exception_type} was raised, but it was not expected.")
+
+ @less_console_noise_decorator
+ def test_submit_transition_allowed_with_no_investigator(self):
+ """
+ Tests for attempting to transition without an investigator.
+ For submit, this should be valid in all cases.
+ """
+
+ test_cases = [
+ (self.started_domain_request, TransitionNotAllowed),
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.withdrawn_domain_request, TransitionNotAllowed),
+ ]
+
+ # Set all investigators to none
+ set_domain_request_investigators(self.all_domain_requests, None)
+
+ self.assert_fsm_transition_does_not_raise_error(test_cases, "submit")
+
+ @less_console_noise_decorator
+ def test_submit_transition_allowed_with_investigator_not_staff(self):
+ """
+ Tests for attempting to transition with an investigator user that is not staff.
+ For submit, this should be valid in all cases.
+ """
+
+ test_cases = [
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ ]
+
+ # Set all investigators to a user with no staff privs
+ user, _ = User.objects.get_or_create(username="pancakesyrup", is_staff=False)
+ set_domain_request_investigators(self.all_domain_requests, user)
+
+ self.assert_fsm_transition_does_not_raise_error(test_cases, "submit")
+
+ @less_console_noise_decorator
+ def test_submit_transition_allowed(self):
+ """
+ Test that calling submit from allowable statuses does raises TransitionNotAllowed.
+ """
+ test_cases = [
+ (self.started_domain_request, TransitionNotAllowed),
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.withdrawn_domain_request, TransitionNotAllowed),
+ ]
+
+ self.assert_fsm_transition_does_not_raise_error(test_cases, "submit")
+
+ @less_console_noise_decorator
+ def test_submit_transition_allowed_twice(self):
+ """
+ Test that rotating between submit and in_review doesn't throw an error
+ """
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
+ try:
+ # Make a submission
+ self.in_review_domain_request.submit()
+
+ # Rerun the old method to get back to the original state
+ self.in_review_domain_request.in_review()
+
+ # Make another submission
+ self.in_review_domain_request.submit()
+ except TransitionNotAllowed:
+ self.fail("TransitionNotAllowed was raised, but it was not expected.")
+
+ self.assertEqual(self.in_review_domain_request.status, DomainRequest.DomainRequestStatus.SUBMITTED)
+
+ @less_console_noise_decorator
+ def test_submit_transition_not_allowed(self):
+ """
+ Test that calling submit against transition rules raises TransitionNotAllowed.
+ """
+ test_cases = [
+ (self.submitted_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ (self.ineligible_domain_request, TransitionNotAllowed),
+ ]
+
+ self.assert_fsm_transition_raises_error(test_cases, "submit")
+
+ @less_console_noise_decorator
+ def test_in_review_transition_allowed(self):
+ """
+ Test that calling in_review from allowable statuses does raises TransitionNotAllowed.
+ """
+ test_cases = [
+ (self.submitted_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ (self.ineligible_domain_request, TransitionNotAllowed),
+ ]
+
+ self.assert_fsm_transition_does_not_raise_error(test_cases, "in_review")
+
+ @less_console_noise_decorator
+ def test_in_review_transition_not_allowed_with_no_investigator(self):
+ """
+ Tests for attempting to transition without an investigator
+ """
+
+ test_cases = [
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ (self.ineligible_domain_request, TransitionNotAllowed),
+ ]
+
+ # Set all investigators to none
+ set_domain_request_investigators(self.all_domain_requests, None)
+
+ self.assert_fsm_transition_raises_error(test_cases, "in_review")
+
+ @less_console_noise_decorator
+ def test_in_review_transition_not_allowed_with_investigator_not_staff(self):
+ """
+ Tests for attempting to transition with an investigator that is not staff.
+ This should throw an exception.
+ """
+
+ test_cases = [
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ (self.ineligible_domain_request, TransitionNotAllowed),
+ ]
+
+ # Set all investigators to a user with no staff privs
+ user, _ = User.objects.get_or_create(username="pancakesyrup", is_staff=False)
+ set_domain_request_investigators(self.all_domain_requests, user)
+
+ self.assert_fsm_transition_raises_error(test_cases, "in_review")
+
+ @less_console_noise_decorator
+ def test_in_review_transition_not_allowed(self):
+ """
+ Test that calling in_review against transition rules raises TransitionNotAllowed.
+ """
+ test_cases = [
+ (self.started_domain_request, TransitionNotAllowed),
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.withdrawn_domain_request, TransitionNotAllowed),
+ ]
+
+ self.assert_fsm_transition_raises_error(test_cases, "in_review")
+
+ @less_console_noise_decorator
+ def test_action_needed_transition_allowed(self):
+ """
+ Test that calling action_needed from allowable statuses does raises TransitionNotAllowed.
+ """
+ test_cases = [
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ (self.ineligible_domain_request, TransitionNotAllowed),
+ ]
+
+ self.assert_fsm_transition_does_not_raise_error(test_cases, "action_needed")
+
+ @less_console_noise_decorator
+ def test_action_needed_transition_not_allowed_with_no_investigator(self):
+ """
+ Tests for attempting to transition without an investigator
+ """
+
+ test_cases = [
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ (self.ineligible_domain_request, TransitionNotAllowed),
+ ]
+
+ # Set all investigators to none
+ set_domain_request_investigators(self.all_domain_requests, None)
+
+ self.assert_fsm_transition_raises_error(test_cases, "action_needed")
+
+ @less_console_noise_decorator
+ def test_action_needed_transition_not_allowed_with_investigator_not_staff(self):
+ """
+ Tests for attempting to transition with an investigator that is not staff
+ """
+
+ test_cases = [
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ (self.ineligible_domain_request, TransitionNotAllowed),
+ ]
+
+ # Set all investigators to a user with no staff privs
+ user, _ = User.objects.get_or_create(username="pancakesyrup", is_staff=False)
+ set_domain_request_investigators(self.all_domain_requests, user)
+
+ self.assert_fsm_transition_raises_error(test_cases, "action_needed")
+
+ @less_console_noise_decorator
+ def test_action_needed_transition_not_allowed(self):
+ """
+ Test that calling action_needed against transition rules raises TransitionNotAllowed.
+ """
+ test_cases = [
+ (self.started_domain_request, TransitionNotAllowed),
+ (self.submitted_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.withdrawn_domain_request, TransitionNotAllowed),
+ ]
+
+ self.assert_fsm_transition_raises_error(test_cases, "action_needed")
+
+ @less_console_noise_decorator
+ def test_approved_transition_allowed(self):
+ """
+ Test that calling action_needed from allowable statuses does raises TransitionNotAllowed.
+ """
+ test_cases = [
+ (self.submitted_domain_request, TransitionNotAllowed),
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ ]
+
+ self.assert_fsm_transition_does_not_raise_error(test_cases, "approve")
+
+ @less_console_noise_decorator
+ def test_approved_transition_not_allowed_with_no_investigator(self):
+ """
+ Tests for attempting to transition without an investigator
+ """
+
+ test_cases = [
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ ]
+
+ # Set all investigators to none
+ set_domain_request_investigators(self.all_domain_requests, None)
+
+ self.assert_fsm_transition_raises_error(test_cases, "approve")
+
+ @less_console_noise_decorator
+ def test_approved_transition_not_allowed_with_investigator_not_staff(self):
+ """
+ Tests for attempting to transition with an investigator that is not staff
+ """
+
+ test_cases = [
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ ]
+
+ # Set all investigators to a user with no staff privs
+ user, _ = User.objects.get_or_create(username="pancakesyrup", is_staff=False)
+ set_domain_request_investigators(self.all_domain_requests, user)
+
+ self.assert_fsm_transition_raises_error(test_cases, "approve")
+
+ @less_console_noise_decorator
+ def test_approved_skips_sending_email(self):
+ """
+ Test that calling .approve with send_email=False doesn't actually send
+ an email
+ """
+
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
+ self.submitted_domain_request.approve(send_email=False)
+
+ # Assert that no emails were sent
+ self.assertEqual(len(self.mock_client.EMAILS_SENT), 0)
+
+ @less_console_noise_decorator
+ def test_approved_transition_not_allowed(self):
+ """
+ Test that calling approve against transition rules raises TransitionNotAllowed.
+ """
+ test_cases = [
+ (self.started_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ (self.withdrawn_domain_request, TransitionNotAllowed),
+ (self.ineligible_domain_request, TransitionNotAllowed),
+ ]
+ self.assert_fsm_transition_raises_error(test_cases, "approve")
+
+ @less_console_noise_decorator
+ def test_approved_transition_not_allowed_when_domain_already_approved(self):
+ """
+ Test that calling approve whith an already approved requested domain raises
+ TransitionNotAllowed.
+ """
+ Domain.objects.all().create(name=self.submitted_domain_request.requested_domain.name)
+ test_cases = [
+ (self.submitted_domain_request, FSMDomainRequestError),
+ ]
+ self.assert_fsm_transition_raises_error(test_cases, "approve")
+
+ @less_console_noise_decorator
+ def test_withdraw_transition_allowed(self):
+ """
+ Test that calling action_needed from allowable statuses does raises TransitionNotAllowed.
+ """
+ test_cases = [
+ (self.submitted_domain_request, TransitionNotAllowed),
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ ]
+
+ self.assert_fsm_transition_does_not_raise_error(test_cases, "withdraw")
+
+ @less_console_noise_decorator
+ def test_withdraw_transition_allowed_with_no_investigator(self):
+ """
+ Tests for attempting to transition without an investigator.
+ For withdraw, this should be valid in all cases.
+ """
+
+ test_cases = [
+ (self.submitted_domain_request, TransitionNotAllowed),
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ ]
+
+ # Set all investigators to none
+ set_domain_request_investigators(self.all_domain_requests, None)
+
+ self.assert_fsm_transition_does_not_raise_error(test_cases, "withdraw")
+
+ @less_console_noise_decorator
+ def test_withdraw_transition_allowed_with_investigator_not_staff(self):
+ """
+ Tests for attempting to transition when investigator is not staff.
+ For withdraw, this should be valid in all cases.
+ """
+
+ test_cases = [
+ (self.submitted_domain_request, TransitionNotAllowed),
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ ]
+
+ # Set all investigators to a user with no staff privs
+ user, _ = User.objects.get_or_create(username="pancakesyrup", is_staff=False)
+ set_domain_request_investigators(self.all_domain_requests, user)
+
+ self.assert_fsm_transition_does_not_raise_error(test_cases, "withdraw")
+
+ @less_console_noise_decorator
+ def test_withdraw_transition_not_allowed(self):
+ """
+ Test that calling action_needed against transition rules raises TransitionNotAllowed.
+ """
+ test_cases = [
+ (self.started_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ (self.withdrawn_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ (self.ineligible_domain_request, TransitionNotAllowed),
+ ]
+
+ self.assert_fsm_transition_raises_error(test_cases, "withdraw")
+
+ @less_console_noise_decorator
+ def test_reject_transition_allowed(self):
+ """
+ Test that calling action_needed from allowable statuses does raises TransitionNotAllowed.
+ """
+ test_cases = [
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ ]
+
+ self.assert_fsm_transition_does_not_raise_error(test_cases, "reject")
+
+ @less_console_noise_decorator
+ def test_reject_transition_not_allowed_with_no_investigator(self):
+ """
+ Tests for attempting to transition without an investigator
+ """
+
+ test_cases = [
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ ]
+
+ # Set all investigators to none
+ set_domain_request_investigators(self.all_domain_requests, None)
+
+ self.assert_fsm_transition_raises_error(test_cases, "reject")
+
+ @less_console_noise_decorator
+ def test_reject_transition_not_allowed_with_investigator_not_staff(self):
+ """
+ Tests for attempting to transition when investigator is not staff
+ """
+
+ test_cases = [
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ ]
+
+ # Set all investigators to a user with no staff privs
+ user, _ = User.objects.get_or_create(username="pancakesyrup", is_staff=False)
+ set_domain_request_investigators(self.all_domain_requests, user)
+
+ self.assert_fsm_transition_raises_error(test_cases, "reject")
+
+ @less_console_noise_decorator
+ def test_reject_transition_not_allowed(self):
+ """
+ Test that calling action_needed against transition rules raises TransitionNotAllowed.
+ """
+ test_cases = [
+ (self.started_domain_request, TransitionNotAllowed),
+ (self.submitted_domain_request, TransitionNotAllowed),
+ (self.withdrawn_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ (self.ineligible_domain_request, TransitionNotAllowed),
+ ]
+
+ self.assert_fsm_transition_raises_error(test_cases, "reject")
+
+ @less_console_noise_decorator
+ def test_reject_with_prejudice_transition_allowed(self):
+ """
+ Test that calling action_needed from allowable statuses does raises TransitionNotAllowed.
+ """
+ test_cases = [
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ ]
+
+ self.assert_fsm_transition_does_not_raise_error(test_cases, "reject_with_prejudice")
+
+ @less_console_noise_decorator
+ def test_reject_with_prejudice_transition_not_allowed_with_no_investigator(self):
+ """
+ Tests for attempting to transition without an investigator
+ """
+
+ test_cases = [
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ ]
+
+ # Set all investigators to none
+ set_domain_request_investigators(self.all_domain_requests, None)
+
+ self.assert_fsm_transition_raises_error(test_cases, "reject_with_prejudice")
+
+ @less_console_noise_decorator
+ def test_reject_with_prejudice_not_allowed_with_investigator_not_staff(self):
+ """
+ Tests for attempting to transition when investigator is not staff
+ """
+
+ test_cases = [
+ (self.in_review_domain_request, TransitionNotAllowed),
+ (self.action_needed_domain_request, TransitionNotAllowed),
+ (self.approved_domain_request, TransitionNotAllowed),
+ (self.rejected_domain_request, TransitionNotAllowed),
+ ]
+
+ # Set all investigators to a user with no staff privs
+ user, _ = User.objects.get_or_create(username="pancakesyrup", is_staff=False)
+ set_domain_request_investigators(self.all_domain_requests, user)
+
+ self.assert_fsm_transition_raises_error(test_cases, "reject_with_prejudice")
+
+ @less_console_noise_decorator
+ def test_reject_with_prejudice_transition_not_allowed(self):
+ """
+ Test that calling action_needed against transition rules raises TransitionNotAllowed.
+ """
+ test_cases = [
+ (self.started_domain_request, TransitionNotAllowed),
+ (self.submitted_domain_request, TransitionNotAllowed),
+ (self.withdrawn_domain_request, TransitionNotAllowed),
+ (self.ineligible_domain_request, TransitionNotAllowed),
+ ]
+
+ self.assert_fsm_transition_raises_error(test_cases, "reject_with_prejudice")
+
+ @less_console_noise_decorator
+ def test_transition_not_allowed_approved_in_review_when_domain_is_active(self):
+ """Create a domain request with status approved, create a matching domain that
+ is active, and call in_review against transition rules"""
+
+ domain = Domain.objects.create(name=self.approved_domain_request.requested_domain.name)
+ self.approved_domain_request.approved_domain = domain
+ self.approved_domain_request.save()
+
+ # Define a custom implementation for is_active
+ def custom_is_active(self):
+ return True # Override to return True
+
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
+ # Use patch to temporarily replace is_active with the custom implementation
+ with patch.object(Domain, "is_active", custom_is_active):
+ # Now, when you call is_active on Domain, it will return True
+ with self.assertRaises(TransitionNotAllowed):
+ self.approved_domain_request.in_review()
+
+ @less_console_noise_decorator
+ def test_transition_not_allowed_approved_action_needed_when_domain_is_active(self):
+ """Create a domain request with status approved, create a matching domain that
+ is active, and call action_needed against transition rules"""
+
+ domain = Domain.objects.create(name=self.approved_domain_request.requested_domain.name)
+ self.approved_domain_request.approved_domain = domain
+ self.approved_domain_request.save()
+
+ # Define a custom implementation for is_active
+ def custom_is_active(self):
+ return True # Override to return True
+
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
+ # Use patch to temporarily replace is_active with the custom implementation
+ with patch.object(Domain, "is_active", custom_is_active):
+ # Now, when you call is_active on Domain, it will return True
+ with self.assertRaises(TransitionNotAllowed):
+ self.approved_domain_request.action_needed()
+
+ @less_console_noise_decorator
+ def test_transition_not_allowed_approved_rejected_when_domain_is_active(self):
+ """Create a domain request with status approved, create a matching domain that
+ is active, and call reject against transition rules"""
+
+ domain = Domain.objects.create(name=self.approved_domain_request.requested_domain.name)
+ self.approved_domain_request.approved_domain = domain
+ self.approved_domain_request.save()
+
+ # Define a custom implementation for is_active
+ def custom_is_active(self):
+ return True # Override to return True
+
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
+ # Use patch to temporarily replace is_active with the custom implementation
+ with patch.object(Domain, "is_active", custom_is_active):
+ # Now, when you call is_active on Domain, it will return True
+ with self.assertRaises(TransitionNotAllowed):
+ self.approved_domain_request.reject()
+
+ @less_console_noise_decorator
+ def test_transition_not_allowed_approved_ineligible_when_domain_is_active(self):
+ """Create a domain request with status approved, create a matching domain that
+ is active, and call reject_with_prejudice against transition rules"""
+
+ domain = Domain.objects.create(name=self.approved_domain_request.requested_domain.name)
+ self.approved_domain_request.approved_domain = domain
+ self.approved_domain_request.save()
+
+ # Define a custom implementation for is_active
+ def custom_is_active(self):
+ return True # Override to return True
+
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
+ # Use patch to temporarily replace is_active with the custom implementation
+ with patch.object(Domain, "is_active", custom_is_active):
+ # Now, when you call is_active on Domain, it will return True
+ with self.assertRaises(TransitionNotAllowed):
+ self.approved_domain_request.reject_with_prejudice()
+
+ @less_console_noise_decorator
+ def test_approve_from_rejected_clears_rejection_reason(self):
+ """When transitioning from rejected to approved on a domain request,
+ the rejection_reason is cleared."""
+
+ # Create a sample domain request
+ domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.REJECTED)
+ domain_request.rejection_reason = DomainRequest.RejectionReasons.DOMAIN_PURPOSE
+
+ # Approve
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
+ domain_request.approve()
+
+ self.assertEqual(domain_request.status, DomainRequest.DomainRequestStatus.APPROVED)
+ self.assertEqual(domain_request.rejection_reason, None)
+
+ @less_console_noise_decorator
+ def test_in_review_from_rejected_clears_rejection_reason(self):
+ """When transitioning from rejected to in_review on a domain request,
+ the rejection_reason is cleared."""
+
+ # Create a sample domain request
+ domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.REJECTED)
+ domain_request.domain_is_not_active = True
+ domain_request.rejection_reason = DomainRequest.RejectionReasons.DOMAIN_PURPOSE
+
+ # Approve
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
+ domain_request.in_review()
+
+ self.assertEqual(domain_request.status, DomainRequest.DomainRequestStatus.IN_REVIEW)
+ self.assertEqual(domain_request.rejection_reason, None)
+
+ @less_console_noise_decorator
+ def test_action_needed_from_rejected_clears_rejection_reason(self):
+ """When transitioning from rejected to action_needed on a domain request,
+ the rejection_reason is cleared."""
+
+ # Create a sample domain request
+ domain_request = completed_domain_request(status=DomainRequest.DomainRequestStatus.REJECTED)
+ domain_request.domain_is_not_active = True
+ domain_request.rejection_reason = DomainRequest.RejectionReasons.DOMAIN_PURPOSE
+
+ # Approve
+ with boto3_mocking.clients.handler_for("sesv2", self.mock_client):
+ domain_request.action_needed()
+
+ self.assertEqual(domain_request.status, DomainRequest.DomainRequestStatus.ACTION_NEEDED)
+ self.assertEqual(domain_request.rejection_reason, None)
+
+ @less_console_noise_decorator
+ def test_has_rationale_returns_true(self):
+ """has_rationale() returns true when a domain request has no_other_contacts_rationale"""
+ self.started_domain_request.no_other_contacts_rationale = "You talkin' to me?"
+ self.started_domain_request.save()
+ self.assertEquals(self.started_domain_request.has_rationale(), True)
+
+ @less_console_noise_decorator
+ def test_has_rationale_returns_false(self):
+ """has_rationale() returns false when a domain request has no no_other_contacts_rationale"""
+ self.assertEquals(self.started_domain_request.has_rationale(), False)
+
+ @less_console_noise_decorator
+ def test_has_other_contacts_returns_true(self):
+ """has_other_contacts() returns true when a domain request has other_contacts"""
+ # completed_domain_request has other contacts by default
+ self.assertEquals(self.started_domain_request.has_other_contacts(), True)
+
+ @less_console_noise_decorator
+ def test_has_other_contacts_returns_false(self):
+ """has_other_contacts() returns false when a domain request has no other_contacts"""
+ domain_request = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.STARTED, name="no-others.gov", has_other_contacts=False
+ )
+ self.assertEquals(domain_request.has_other_contacts(), False)
diff --git a/src/registrar/tests/test_views_domains_json.py b/src/registrar/tests/test_views_domains_json.py
index 07799104b..c4e5832c0 100644
--- a/src/registrar/tests/test_views_domains_json.py
+++ b/src/registrar/tests/test_views_domains_json.py
@@ -37,6 +37,7 @@ class GetDomainsJsonTest(TestWithUser, WebTest):
UserDomainRole.objects.all().delete()
UserPortfolioPermission.objects.all().delete()
DomainInformation.objects.all().delete()
+ Domain.objects.all().delete()
Portfolio.objects.all().delete()
super().tearDown()
diff --git a/src/registrar/tests/test_views_members_json.py b/src/registrar/tests/test_views_members_json.py
index 75c3a3a66..9cd4e823c 100644
--- a/src/registrar/tests/test_views_members_json.py
+++ b/src/registrar/tests/test_views_members_json.py
@@ -1,6 +1,7 @@
from django.urls import reverse
from registrar.models.portfolio import Portfolio
+from registrar.models.portfolio_invitation import PortfolioInvitation
from registrar.models.user import User
from registrar.models.user_portfolio_permission import UserPortfolioPermission
from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
@@ -38,6 +39,7 @@ class GetPortfolioMembersJsonTest(TestWithUser, WebTest):
phone="8003114567",
title="Admin",
)
+ cls.email5 = "fifth@example.com"
# Create Portfolio
cls.portfolio = Portfolio.objects.create(creator=cls.user, organization_name="Test Portfolio")
@@ -67,6 +69,23 @@ class GetPortfolioMembersJsonTest(TestWithUser, WebTest):
portfolio=cls.portfolio,
roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
)
+ PortfolioInvitation.objects.create(
+ email=cls.email5,
+ portfolio=cls.portfolio,
+ roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
+ additional_permissions=[
+ UserPortfolioPermissionChoices.VIEW_MEMBERS,
+ UserPortfolioPermissionChoices.EDIT_MEMBERS,
+ ],
+ )
+
+ @classmethod
+ def tearDownClass(cls):
+ PortfolioInvitation.objects.all().delete()
+ UserPortfolioPermission.objects.all().delete()
+ Portfolio.objects.all().delete()
+ User.objects.all().delete()
+ super().tearDownClass()
def setUp(self):
super().setUp()
@@ -83,14 +102,21 @@ class GetPortfolioMembersJsonTest(TestWithUser, WebTest):
self.assertFalse(data["has_previous"])
self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1)
- self.assertEqual(data["total"], 4)
- self.assertEqual(data["unfiltered_total"], 4)
+ self.assertEqual(data["total"], 5)
+ self.assertEqual(data["unfiltered_total"], 5)
# Check the number of members
- self.assertEqual(len(data["members"]), 4)
+ self.assertEqual(len(data["members"]), 5)
# Check member fields
- expected_emails = {self.user.email, self.user2.email, self.user3.email, self.user4.email}
+ expected_emails = {
+ self.user.email,
+ self.user2.email,
+ self.user3.email,
+ self.user4.email,
+ self.user4.email,
+ self.email5,
+ }
actual_emails = {member["email"] for member in data["members"]}
self.assertEqual(expected_emails, actual_emails)
@@ -123,8 +149,8 @@ class GetPortfolioMembersJsonTest(TestWithUser, WebTest):
self.assertTrue(data["has_next"])
self.assertFalse(data["has_previous"])
self.assertEqual(data["num_pages"], 2)
- self.assertEqual(data["total"], 14)
- self.assertEqual(data["unfiltered_total"], 14)
+ self.assertEqual(data["total"], 15)
+ self.assertEqual(data["unfiltered_total"], 15)
# Check the number of members on page 1
self.assertEqual(len(data["members"]), 10)
@@ -142,7 +168,7 @@ class GetPortfolioMembersJsonTest(TestWithUser, WebTest):
self.assertEqual(data["num_pages"], 2)
# Check the number of members on page 2
- self.assertEqual(len(data["members"]), 4)
+ self.assertEqual(len(data["members"]), 5)
def test_search(self):
"""Test search functionality for portfolio members."""
diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index dfb0469d0..13173565c 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -10,6 +10,7 @@ from registrar.models import (
UserDomainRole,
User,
)
+from registrar.models.portfolio_invitation import PortfolioInvitation
from registrar.models.user_group import UserGroup
from registrar.models.user_portfolio_permission import UserPortfolioPermission
from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
@@ -288,9 +289,9 @@ class TestPortfolio(WebTest):
def test_accessible_pages_when_user_does_not_have_role(self):
"""Test that admin / memmber roles are associated with the right access"""
self.app.set_user(self.user.username)
- portfolio_roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+ roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
portfolio_permission, _ = UserPortfolioPermission.objects.get_or_create(
- user=self.user, portfolio=self.portfolio, roles=portfolio_roles
+ user=self.user, portfolio=self.portfolio, roles=roles
)
with override_flag("organization_feature", active=True):
# This will redirect the user to the portfolio page.
@@ -398,8 +399,8 @@ class TestPortfolio(WebTest):
"""When organization_feature flag is true and user has a portfolio,
the portfolio should be set in session."""
self.client.force_login(self.user)
- portfolio_roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
- UserPortfolioPermission.objects.get_or_create(user=self.user, portfolio=self.portfolio, roles=portfolio_roles)
+ roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+ UserPortfolioPermission.objects.get_or_create(user=self.user, portfolio=self.portfolio, roles=roles)
with override_flag("organization_feature", active=True):
response = self.client.get(reverse("home"))
# Ensure that middleware processes the session
@@ -420,8 +421,8 @@ class TestPortfolio(WebTest):
This test also satisfies the condition when multiple_portfolios flag
is false and user has a portfolio, so won't add a redundant test for that."""
self.client.force_login(self.user)
- portfolio_roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
- UserPortfolioPermission.objects.get_or_create(user=self.user, portfolio=self.portfolio, roles=portfolio_roles)
+ roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+ UserPortfolioPermission.objects.get_or_create(user=self.user, portfolio=self.portfolio, roles=roles)
response = self.client.get(reverse("home"))
# Ensure that middleware processes the session
session_middleware = SessionMiddleware(lambda request: None)
@@ -457,8 +458,8 @@ class TestPortfolio(WebTest):
"""When multiple_portfolios flag is true and user has a portfolio,
the portfolio should be set in session."""
self.client.force_login(self.user)
- portfolio_roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
- UserPortfolioPermission.objects.get_or_create(user=self.user, portfolio=self.portfolio, roles=portfolio_roles)
+ roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+ UserPortfolioPermission.objects.get_or_create(user=self.user, portfolio=self.portfolio, roles=roles)
with override_flag("organization_feature", active=True), override_flag("multiple_portfolios", active=True):
response = self.client.get(reverse("home"))
# Ensure that middleware processes the session
@@ -817,7 +818,6 @@ class TestPortfolio(WebTest):
# Verify that view-only settings are sent in the dynamic HTML
response = self.client.get(reverse("get_portfolio_members_json") + f"?portfolio={self.portfolio.pk}")
- print(response.content)
self.assertContains(response, '"action_label": "View"')
self.assertContains(response, '"svg_icon": "visibility"')
@@ -856,6 +856,230 @@ class TestPortfolio(WebTest):
# TerminalHelper.colorful_logger(logger.info, TerminalColors.OKCYAN, f"{response.content}")
self.assertContains(response, '"is_admin": true')
+ @less_console_noise_decorator
+ @override_flag("organization_feature", active=True)
+ def test_cannot_view_member_page_when_flag_is_off(self):
+ """Test that user cannot access the member page when waffle flag is off"""
+
+ # Verify that the user cannot access the member page
+ self.client.force_login(self.user)
+ response = self.client.get(reverse("member", kwargs={"pk": 1}), follow=True)
+ # Make sure the page is denied
+ self.assertEqual(response.status_code, 403)
+
+ @less_console_noise_decorator
+ @override_flag("organization_feature", active=True)
+ @override_flag("organization_members", active=True)
+ def test_cannot_view_member_page_when_user_has_no_permission(self):
+ """Test that user cannot access the member page without proper permission"""
+
+ # give user base permissions
+ UserPortfolioPermission.objects.get_or_create(
+ user=self.user,
+ portfolio=self.portfolio,
+ roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER],
+ )
+
+ # Verify that the user cannot access the member page
+ self.client.force_login(self.user)
+ response = self.client.get(reverse("member", kwargs={"pk": 1}), follow=True)
+ # Make sure the page is denied
+ self.assertEqual(response.status_code, 403)
+
+ @less_console_noise_decorator
+ @override_flag("organization_feature", active=True)
+ @override_flag("organization_members", active=True)
+ def test_can_view_member_page_when_user_has_view_members(self):
+ """Test that user can access the member page with view_members permission"""
+
+ # Arrange
+ # give user permissions to view members
+ permission_obj, _ = UserPortfolioPermission.objects.get_or_create(
+ user=self.user,
+ portfolio=self.portfolio,
+ roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER],
+ additional_permissions=[
+ UserPortfolioPermissionChoices.VIEW_MEMBERS,
+ ],
+ )
+
+ # Verify the page can be accessed
+ self.client.force_login(self.user)
+ response = self.client.get(reverse("member", kwargs={"pk": permission_obj.pk}), follow=True)
+ self.assertEqual(response.status_code, 200)
+
+ # Assert text within the page is correct
+ self.assertContains(response, "First Last")
+ self.assertContains(response, self.user.email)
+ self.assertContains(response, "Basic access")
+ self.assertContains(response, "No access")
+ self.assertContains(response, "View all members")
+ self.assertContains(response, "This member does not manage any domains.")
+
+ # Assert buttons and links within the page are correct
+ self.assertNotContains(response, "usa-button--more-actions") # test that 3 dot is not present
+ self.assertNotContains(response, "sprite.svg#edit") # test that Edit link is not present
+ self.assertNotContains(response, "sprite.svg#settings") # test that Manage link is not present
+ self.assertContains(response, "sprite.svg#visibility") # test that View link is present
+
+ @less_console_noise_decorator
+ @override_flag("organization_feature", active=True)
+ @override_flag("organization_members", active=True)
+ def test_can_view_member_page_when_user_has_edit_members(self):
+ """Test that user can access the member page with edit_members permission"""
+
+ # Arrange
+ # give user permissions to view AND manage members
+ permission_obj, _ = UserPortfolioPermission.objects.get_or_create(
+ user=self.user,
+ portfolio=self.portfolio,
+ roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
+ additional_permissions=[
+ UserPortfolioPermissionChoices.EDIT_MEMBERS,
+ ],
+ )
+
+ # Verify the page can be accessed
+ self.client.force_login(self.user)
+ response = self.client.get(reverse("member", kwargs={"pk": permission_obj.pk}), follow=True)
+ self.assertEqual(response.status_code, 200)
+
+ # Assert text within the page is correct
+ self.assertContains(response, "First Last")
+ self.assertContains(response, self.user.email)
+ self.assertContains(response, "Admin access")
+ self.assertContains(response, "View all requests plus create requests")
+ self.assertContains(response, "View all members plus manage members")
+ self.assertContains(
+ response, 'This member does not manage any domains. To assign this member a domain, click "Manage"'
+ )
+
+ # Assert buttons and links within the page are correct
+ self.assertContains(response, "usa-button--more-actions") # test that 3 dot is present
+ self.assertContains(response, "sprite.svg#edit") # test that Edit link is present
+ self.assertContains(response, "sprite.svg#settings") # test that Manage link is present
+ self.assertNotContains(response, "sprite.svg#visibility") # test that View link is not present
+
+ @less_console_noise_decorator
+ @override_flag("organization_feature", active=True)
+ def test_cannot_view_invitedmember_page_when_flag_is_off(self):
+ """Test that user cannot access the invitedmember page when waffle flag is off"""
+
+ # Verify that the user cannot access the member page
+ self.client.force_login(self.user)
+ response = self.client.get(reverse("invitedmember", kwargs={"pk": 1}), follow=True)
+ # Make sure the page is denied
+ self.assertEqual(response.status_code, 403)
+
+ @less_console_noise_decorator
+ @override_flag("organization_feature", active=True)
+ @override_flag("organization_members", active=True)
+ def test_cannot_view_invitedmember_page_when_user_has_no_permission(self):
+ """Test that user cannot access the invitedmember page without proper permission"""
+
+ # give user base permissions
+ UserPortfolioPermission.objects.get_or_create(
+ user=self.user,
+ portfolio=self.portfolio,
+ roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER],
+ )
+
+ # Verify that the user cannot access the member page
+ self.client.force_login(self.user)
+ response = self.client.get(reverse("invitedmember", kwargs={"pk": 1}), follow=True)
+ # Make sure the page is denied
+ self.assertEqual(response.status_code, 403)
+
+ @less_console_noise_decorator
+ @override_flag("organization_feature", active=True)
+ @override_flag("organization_members", active=True)
+ def test_can_view_invitedmember_page_when_user_has_view_members(self):
+ """Test that user can access the invitedmember page with view_members permission"""
+
+ # Arrange
+ # give user permissions to view members
+ UserPortfolioPermission.objects.get_or_create(
+ user=self.user,
+ portfolio=self.portfolio,
+ roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER],
+ additional_permissions=[
+ UserPortfolioPermissionChoices.VIEW_MEMBERS,
+ ],
+ )
+ portfolio_invitation, _ = PortfolioInvitation.objects.get_or_create(
+ email="info@example.com",
+ portfolio=self.portfolio,
+ roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER],
+ additional_permissions=[
+ UserPortfolioPermissionChoices.VIEW_MEMBERS,
+ ],
+ )
+
+ # Verify the page can be accessed
+ self.client.force_login(self.user)
+ response = self.client.get(reverse("invitedmember", kwargs={"pk": portfolio_invitation.pk}), follow=True)
+ self.assertEqual(response.status_code, 200)
+
+ # Assert text within the page is correct
+ self.assertContains(response, "Invited")
+ self.assertContains(response, portfolio_invitation.email)
+ self.assertContains(response, "Basic access")
+ self.assertContains(response, "No access")
+ self.assertContains(response, "View all members")
+ self.assertContains(response, "This member does not manage any domains.")
+
+ # Assert buttons and links within the page are correct
+ self.assertNotContains(response, "usa-button--more-actions") # test that 3 dot is not present
+ self.assertNotContains(response, "sprite.svg#edit") # test that Edit link is not present
+ self.assertNotContains(response, "sprite.svg#settings") # test that Manage link is not present
+ self.assertContains(response, "sprite.svg#visibility") # test that View link is present
+
+ @less_console_noise_decorator
+ @override_flag("organization_feature", active=True)
+ @override_flag("organization_members", active=True)
+ def test_can_view_invitedmember_page_when_user_has_edit_members(self):
+ """Test that user can access the invitedmember page with edit_members permission"""
+
+ # Arrange
+ # give user permissions to view AND manage members
+ permission_obj, _ = UserPortfolioPermission.objects.get_or_create(
+ user=self.user,
+ portfolio=self.portfolio,
+ roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
+ additional_permissions=[
+ UserPortfolioPermissionChoices.EDIT_MEMBERS,
+ ],
+ )
+ portfolio_invitation, _ = PortfolioInvitation.objects.get_or_create(
+ email="info@example.com",
+ portfolio=self.portfolio,
+ roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
+ additional_permissions=[
+ UserPortfolioPermissionChoices.EDIT_MEMBERS,
+ ],
+ )
+
+ # Verify the page can be accessed
+ self.client.force_login(self.user)
+ response = self.client.get(reverse("invitedmember", kwargs={"pk": portfolio_invitation.pk}), follow=True)
+ self.assertEqual(response.status_code, 200)
+
+ # Assert text within the page is correct
+ self.assertContains(response, "Invited")
+ self.assertContains(response, portfolio_invitation.email)
+ self.assertContains(response, "Admin access")
+ self.assertContains(response, "View all requests plus create requests")
+ self.assertContains(response, "View all members plus manage members")
+ self.assertContains(
+ response, 'This member does not manage any domains. To assign this member a domain, click "Manage"'
+ )
+
+ # Assert buttons and links within the page are correct
+ self.assertContains(response, "usa-button--more-actions") # test that 3 dot is present
+ self.assertContains(response, "sprite.svg#edit") # test that Edit link is present
+ self.assertContains(response, "sprite.svg#settings") # test that Manage link is present
+ self.assertNotContains(response, "sprite.svg#visibility") # test that View link is not present
+
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
def test_portfolio_domain_requests_page_when_user_has_no_permissions(self):
@@ -1015,8 +1239,8 @@ class TestPortfolio(WebTest):
def test_portfolio_cache_updates_when_modified(self):
"""Test that the portfolio in session updates when the portfolio is modified"""
self.client.force_login(self.user)
- portfolio_roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
- UserPortfolioPermission.objects.get_or_create(user=self.user, portfolio=self.portfolio, roles=portfolio_roles)
+ roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+ UserPortfolioPermission.objects.get_or_create(user=self.user, portfolio=self.portfolio, roles=roles)
with override_flag("organization_feature", active=True):
# Initial request to set the portfolio in session
@@ -1044,8 +1268,8 @@ class TestPortfolio(WebTest):
def test_portfolio_cache_updates_when_flag_disabled_while_logged_in(self):
"""Test that the portfolio in session is set to None when the organization_feature flag is disabled"""
self.client.force_login(self.user)
- portfolio_roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
- UserPortfolioPermission.objects.get_or_create(user=self.user, portfolio=self.portfolio, roles=portfolio_roles)
+ roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+ UserPortfolioPermission.objects.get_or_create(user=self.user, portfolio=self.portfolio, roles=roles)
with override_flag("organization_feature", active=True):
# Initial request to set the portfolio in session
diff --git a/src/registrar/tests/test_views_request.py b/src/registrar/tests/test_views_request.py
index 8530859e2..17e6bcbe6 100644
--- a/src/registrar/tests/test_views_request.py
+++ b/src/registrar/tests/test_views_request.py
@@ -43,7 +43,7 @@ class DomainRequestTests(TestWithUser, WebTest):
super().setUp()
self.federal_agency, _ = FederalAgency.objects.get_or_create(agency="General Services Administration")
self.app.set_user(self.user.username)
- self.TITLES = DomainRequestWizard.TITLES
+ self.TITLES = DomainRequestWizard.REGULAR_TITLES
def tearDown(self):
super().tearDown()
@@ -82,7 +82,6 @@ class DomainRequestTests(TestWithUser, WebTest):
response = self.app.get(f"/domain-request/{domain_request.id}")
# Ensure that the date is still set to None
self.assertIsNone(domain_request.last_status_update)
- print(response)
# We should still grab a date for this field in this event - but it should come from the audit log instead
self.assertContains(response, "Started on:")
self.assertContains(response, fixed_date.strftime("%B %-d, %Y"))
@@ -522,7 +521,8 @@ class DomainRequestTests(TestWithUser, WebTest):
# And the existence of the modal's data parked and ready for the js init.
# The next assert also tests for the passed requested domain context from
# the view > domain_request_form > modal
- self.assertContains(review_page, "You are about to submit a domain request for city.gov")
+ self.assertContains(review_page, "You are about to submit a domain request for")
+ self.assertContains(review_page, "city.gov")
# final submission results in a redirect to the "finished" URL
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
@@ -2742,6 +2742,66 @@ class DomainRequestTests(TestWithUser, WebTest):
self.assertContains(review_page, "toggle-submit-domain-request")
self.assertContains(review_page, "Your request form is incomplete")
+ @override_flag("organization_feature", active=True)
+ @override_flag("organization_requests", active=True)
+ def test_portfolio_user_missing_edit_permissions(self):
+ """Tests that a portfolio user without edit request permissions cannot edit or add new requests"""
+ portfolio, _ = Portfolio.objects.get_or_create(creator=self.user, organization_name="Test Portfolio")
+ portfolio_perm, _ = UserPortfolioPermission.objects.get_or_create(
+ user=self.user, portfolio=portfolio, roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER]
+ )
+ # This user should be forbidden from creating new domain requests
+ intro_page = self.app.get(reverse("domain-request:"), expect_errors=True)
+ self.assertEqual(intro_page.status_code, 403)
+
+ # This user should also be forbidden from editing existing ones
+ domain_request = completed_domain_request(user=self.user)
+ edit_page = self.app.get(reverse("edit-domain-request", kwargs={"id": domain_request.pk}), expect_errors=True)
+ self.assertEqual(edit_page.status_code, 403)
+
+ # Cleanup
+ portfolio_perm.delete()
+ portfolio.delete()
+
+ @override_flag("organization_feature", active=True)
+ @override_flag("organization_requests", active=True)
+ def test_portfolio_user_with_edit_permissions(self):
+ """Tests that a portfolio user with edit request permissions can edit and add new requests"""
+ portfolio, _ = Portfolio.objects.get_or_create(creator=self.user, organization_name="Test Portfolio")
+ portfolio_perm, _ = UserPortfolioPermission.objects.get_or_create(
+ user=self.user, portfolio=portfolio, roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+ )
+
+ # This user should be allowed to create new domain requests
+ intro_page = self.app.get(reverse("domain-request:"))
+ self.assertEqual(intro_page.status_code, 200)
+
+ # This user should also be allowed to edit existing ones
+ domain_request = completed_domain_request(user=self.user)
+ edit_page = self.app.get(reverse("edit-domain-request", kwargs={"id": domain_request.pk})).follow()
+ self.assertEqual(edit_page.status_code, 200)
+
+ # Cleanup
+ DomainRequest.objects.all().delete()
+ portfolio_perm.delete()
+ portfolio.delete()
+
+ def test_non_creator_access(self):
+ """Tests that a user cannot edit a domain request they didn't create"""
+ p = "password"
+ other_user = User.objects.create_user(username="other_user", password=p)
+ domain_request = completed_domain_request(user=other_user)
+
+ edit_page = self.app.get(reverse("edit-domain-request", kwargs={"id": domain_request.pk}), expect_errors=True)
+ self.assertEqual(edit_page.status_code, 403)
+
+ def test_creator_access(self):
+ """Tests that a user can edit a domain request they created"""
+ domain_request = completed_domain_request(user=self.user)
+
+ edit_page = self.app.get(reverse("edit-domain-request", kwargs={"id": domain_request.pk})).follow()
+ self.assertEqual(edit_page.status_code, 200)
+
class DomainRequestTestDifferentStatuses(TestWithUser, WebTest):
def setUp(self):
@@ -2904,7 +2964,7 @@ class DomainRequestTestDifferentStatuses(TestWithUser, WebTest):
self.assertNotContains(home_page, "city.gov")
-class TestWizardUnlockingSteps(TestWithUser, WebTest):
+class TestDomainRequestWizard(TestWithUser, WebTest):
def setUp(self):
super().setUp()
self.app.set_user(self.user.username)
@@ -3026,6 +3086,94 @@ class TestWizardUnlockingSteps(TestWithUser, WebTest):
else:
self.fail(f"Expected a redirect, but got a different response: {response}")
+ @less_console_noise_decorator
+ @override_flag("organization_feature", active=True)
+ @override_flag("organization_requests", active=True)
+ def test_wizard_steps_portfolio(self):
+ """
+ Tests the behavior of the domain request wizard for portfolios.
+ Ensures that:
+ - The user can access the organization page.
+ - The expected number of steps are locked/unlocked (implicit test for expected steps).
+ - The user lands on the "Requesting entity" page
+ - The user does not see the Domain and Domain requests buttons
+ """
+
+ # This should unlock 4 steps by default.
+ # Purpose, .gov domain, current websites, and requirements for operating
+ domain_request = completed_domain_request(
+ status=DomainRequest.DomainRequestStatus.STARTED,
+ user=self.user,
+ )
+ domain_request.anything_else = None
+ domain_request.save()
+
+ federal_agency = FederalAgency.objects.get(agency="Non-Federal Agency")
+ # Add a portfolio
+ portfolio = Portfolio.objects.create(
+ creator=self.user,
+ organization_name="test portfolio",
+ federal_agency=federal_agency,
+ )
+
+ user_portfolio_permission = UserPortfolioPermission.objects.create(
+ user=self.user,
+ portfolio=portfolio,
+ roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
+ )
+
+ response = self.app.get(f"/domain-request/{domain_request.id}/edit/")
+ # django-webtest does not handle cookie-based sessions well because it keeps
+ # resetting the session key on each new request, thus destroying the concept
+ # of a "session". We are going to do it manually, saving the session ID here
+ # and then setting the cookie on each request.
+ session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
+ self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
+
+ # Check if the response is a redirect
+ if response.status_code == 302:
+ # Follow the redirect manually
+ try:
+ detail_page = response.follow()
+
+ self.wizard.get_context_data()
+ except Exception as err:
+ # Handle any potential errors while following the redirect
+ self.fail(f"Error following the redirect {err}")
+
+ # Now 'detail_page' contains the response after following the redirect
+ self.assertEqual(detail_page.status_code, 200)
+
+ # Assert that we're on the organization page
+ self.assertContains(detail_page, portfolio.organization_name)
+
+ # We should only see one unlocked step
+ self.assertContains(detail_page, "#check_circle", count=4)
+
+ # One pages should still be locked (additional details)
+ self.assertContains(detail_page, "#lock", 1)
+
+ # The current option should be selected
+ self.assertContains(detail_page, "usa-current", count=1)
+
+ # We default to the requesting entity page
+ expected_url = reverse("domain-request:portfolio_requesting_entity")
+ # This returns the entire url, thus "in"
+ self.assertIn(expected_url, detail_page.request.url)
+
+ # We shouldn't show the "domains" and "domain requests" buttons
+ # on this page.
+ self.assertNotContains(detail_page, "Domains")
+ self.assertNotContains(detail_page, "Domain requests")
+ else:
+ self.fail(f"Expected a redirect, but got a different response: {response}")
+
+ # Data cleanup
+ user_portfolio_permission.delete()
+ portfolio.delete()
+ federal_agency.delete()
+ domain_request.delete()
+
class TestPortfolioDomainRequestViewonly(TestWithUser, WebTest):
@@ -3037,7 +3185,7 @@ class TestPortfolioDomainRequestViewonly(TestWithUser, WebTest):
super().setUp()
self.federal_agency, _ = FederalAgency.objects.get_or_create(agency="General Services Administration")
self.app.set_user(self.user.username)
- self.TITLES = DomainRequestWizard.TITLES
+ self.TITLES = DomainRequestWizard.REGULAR_TITLES
def tearDown(self):
super().tearDown()
diff --git a/src/registrar/utility/admin_helpers.py b/src/registrar/utility/admin_helpers.py
index 2af9d0b3c..37e0a0e00 100644
--- a/src/registrar/utility/admin_helpers.py
+++ b/src/registrar/utility/admin_helpers.py
@@ -6,36 +6,39 @@ from django.utils.html import escape
from registrar.models.utility.generic_helper import value_of_attribute
-def get_all_action_needed_reason_emails(request, domain_request):
- """Returns a dictionary of every action needed reason and its associated email
- for this particular domain request."""
-
- emails = {}
- for action_needed_reason in domain_request.ActionNeededReasons:
- # Map the action_needed_reason to its default email
- emails[action_needed_reason.value] = get_action_needed_reason_default_email(
- request, domain_request, action_needed_reason.value
- )
-
- return emails
-
-
-def get_action_needed_reason_default_email(request, domain_request, action_needed_reason):
+def get_action_needed_reason_default_email(domain_request, action_needed_reason):
"""Returns the default email associated with the given action needed reason"""
- if not action_needed_reason or action_needed_reason == DomainRequest.ActionNeededReasons.OTHER:
+ return _get_default_email(
+ domain_request,
+ file_path=f"emails/action_needed_reasons/{action_needed_reason}.txt",
+ reason=action_needed_reason,
+ excluded_reasons=[DomainRequest.ActionNeededReasons.OTHER],
+ )
+
+
+def get_rejection_reason_default_email(domain_request, rejection_reason):
+ """Returns the default email associated with the given rejection reason"""
+ return _get_default_email(
+ domain_request,
+ file_path="emails/status_change_rejected.txt",
+ reason=rejection_reason,
+ # excluded_reasons=[DomainRequest.RejectionReasons.OTHER]
+ )
+
+
+def _get_default_email(domain_request, file_path, reason, excluded_reasons=None):
+ if not reason:
+ return None
+
+ if excluded_reasons and reason in excluded_reasons:
return None
recipient = domain_request.creator
# Return the context of the rendered views
- context = {"domain_request": domain_request, "recipient": recipient}
+ context = {"domain_request": domain_request, "recipient": recipient, "reason": reason}
- # Get the email body
- template_path = f"emails/action_needed_reasons/{action_needed_reason}.txt"
-
- email_body_text = get_template(template_path).render(context=context)
- email_body_text_cleaned = None
- if email_body_text:
- email_body_text_cleaned = email_body_text.strip().lstrip("\n")
+ email_body_text = get_template(file_path).render(context=context)
+ email_body_text_cleaned = email_body_text.strip().lstrip("\n") if email_body_text else None
return email_body_text_cleaned
diff --git a/src/registrar/utility/enums.py b/src/registrar/utility/enums.py
index b4fc5ed6f..e430a4881 100644
--- a/src/registrar/utility/enums.py
+++ b/src/registrar/utility/enums.py
@@ -74,10 +74,13 @@ class PortfolioDomainRequestStep(StrEnum):
appear in the order they are defined. (Order matters.)
"""
- # Portfolio
- REQUESTING_ENTITY = "organization_name"
+ # NOTE: Append portfolio_ when customizing a view for portfolio.
+ # By default, these will redirect to the normal request flow views.
+ # After creating a new view, you will need to add this to urls.py.
+ REQUESTING_ENTITY = "portfolio_requesting_entity"
CURRENT_SITES = "current_sites"
DOTGOV_DOMAIN = "dotgov_domain"
PURPOSE = "purpose"
- ADDITIONAL_DETAILS = "additional_details"
+ ADDITIONAL_DETAILS = "portfolio_additional_details"
REQUIREMENTS = "requirements"
+ REVIEW = "review"
diff --git a/src/registrar/utility/errors.py b/src/registrar/utility/errors.py
index f12aba221..e70f06d1e 100644
--- a/src/registrar/utility/errors.py
+++ b/src/registrar/utility/errors.py
@@ -249,7 +249,7 @@ class SecurityEmailError(Exception):
"""
_error_mapping = {
- SecurityEmailErrorCodes.BAD_DATA: ("Enter an email address in the required format, " "like name@example.com."),
+ SecurityEmailErrorCodes.BAD_DATA: ("Enter an email address in the required format, like name@example.com."),
}
def __init__(self, *args, code=None, **kwargs):
diff --git a/src/registrar/views/domain_request.py b/src/registrar/views/domain_request.py
index b7462f300..7bbe78775 100644
--- a/src/registrar/views/domain_request.py
+++ b/src/registrar/views/domain_request.py
@@ -43,8 +43,8 @@ class DomainRequestWizard(DomainRequestWizardPermissionView, TemplateView):
although not without consulting the base implementation, first.
"""
- StepEnum: Step = Step # type: ignore
template_name = ""
+ is_portfolio = False
# uniquely namespace the wizard in urls.py
# (this is not seen _in_ urls, only for Django's internal naming)
@@ -54,42 +54,140 @@ class DomainRequestWizard(DomainRequestWizardPermissionView, TemplateView):
# name for accessing /domain-request//edit
EDIT_URL_NAME = "edit-domain-request"
NEW_URL_NAME = "/request/"
+
+ # region: Titles
# We need to pass our human-readable step titles as context to the templates.
- TITLES = {
- StepEnum.ORGANIZATION_TYPE: _("Type of organization"),
- StepEnum.TRIBAL_GOVERNMENT: _("Tribal government"),
- StepEnum.ORGANIZATION_FEDERAL: _("Federal government branch"),
- StepEnum.ORGANIZATION_ELECTION: _("Election office"),
- StepEnum.ORGANIZATION_CONTACT: _("Organization"),
- StepEnum.ABOUT_YOUR_ORGANIZATION: _("About your organization"),
- StepEnum.SENIOR_OFFICIAL: _("Senior official"),
- StepEnum.CURRENT_SITES: _("Current websites"),
- StepEnum.DOTGOV_DOMAIN: _(".gov domain"),
- StepEnum.PURPOSE: _("Purpose of your domain"),
- StepEnum.OTHER_CONTACTS: _("Other employees from your organization"),
- StepEnum.ADDITIONAL_DETAILS: _("Additional details"),
- StepEnum.REQUIREMENTS: _("Requirements for operating a .gov domain"),
- StepEnum.REVIEW: _("Review and submit your domain request"),
+ REGULAR_TITLES = {
+ Step.ORGANIZATION_TYPE: _("Type of organization"),
+ Step.TRIBAL_GOVERNMENT: _("Tribal government"),
+ Step.ORGANIZATION_FEDERAL: _("Federal government branch"),
+ Step.ORGANIZATION_ELECTION: _("Election office"),
+ Step.ORGANIZATION_CONTACT: _("Organization"),
+ Step.ABOUT_YOUR_ORGANIZATION: _("About your organization"),
+ Step.SENIOR_OFFICIAL: _("Senior official"),
+ Step.CURRENT_SITES: _("Current websites"),
+ Step.DOTGOV_DOMAIN: _(".gov domain"),
+ Step.PURPOSE: _("Purpose of your domain"),
+ Step.OTHER_CONTACTS: _("Other employees from your organization"),
+ Step.ADDITIONAL_DETAILS: _("Additional details"),
+ Step.REQUIREMENTS: _("Requirements for operating a .gov domain"),
+ Step.REVIEW: _("Review and submit your domain request"),
}
+ # Titles for the portfolio context
+ PORTFOLIO_TITLES = {
+ PortfolioDomainRequestStep.REQUESTING_ENTITY: _("Requesting entity"),
+ PortfolioDomainRequestStep.CURRENT_SITES: _("Current websites"),
+ PortfolioDomainRequestStep.DOTGOV_DOMAIN: _(".gov domain"),
+ PortfolioDomainRequestStep.PURPOSE: _("Purpose of your domain"),
+ PortfolioDomainRequestStep.ADDITIONAL_DETAILS: _("Additional details"),
+ PortfolioDomainRequestStep.REQUIREMENTS: _("Requirements for operating a .gov domain"),
+ PortfolioDomainRequestStep.REVIEW: _("Review and submit your domain request"),
+ }
+ # endregion
+
+ # region: Wizard conditions
# We can use a dictionary with step names and callables that return booleans
# to show or hide particular steps based on the state of the process.
- WIZARD_CONDITIONS = {
- StepEnum.ORGANIZATION_FEDERAL: lambda w: w.from_model("show_organization_federal", False),
- StepEnum.TRIBAL_GOVERNMENT: lambda w: w.from_model("show_tribal_government", False),
- StepEnum.ORGANIZATION_ELECTION: lambda w: w.from_model("show_organization_election", False),
- StepEnum.ABOUT_YOUR_ORGANIZATION: lambda w: w.from_model("show_about_your_organization", False),
+ REGULAR_WIZARD_CONDITIONS = {
+ Step.ORGANIZATION_FEDERAL: lambda w: w.from_model("show_organization_federal", False),
+ Step.TRIBAL_GOVERNMENT: lambda w: w.from_model("show_tribal_government", False),
+ Step.ORGANIZATION_ELECTION: lambda w: w.from_model("show_organization_election", False),
+ Step.ABOUT_YOUR_ORGANIZATION: lambda w: w.from_model("show_about_your_organization", False),
}
+ PORTFOLIO_WIZARD_CONDITIONS = {} # type: ignore
+ # endregion
+
+ # region: Unlocking steps
+ # The conditions by which each step is "unlocked" or "locked"
+ REGULAR_UNLOCKING_STEPS = {
+ Step.ORGANIZATION_TYPE: lambda self: self.domain_request.generic_org_type is not None,
+ Step.TRIBAL_GOVERNMENT: lambda self: self.domain_request.tribe_name is not None,
+ Step.ORGANIZATION_FEDERAL: lambda self: self.domain_request.federal_type is not None,
+ Step.ORGANIZATION_ELECTION: lambda self: self.domain_request.is_election_board is not None,
+ Step.ORGANIZATION_CONTACT: lambda self: (
+ self.domain_request.federal_agency is not None
+ or self.domain_request.organization_name is not None
+ or self.domain_request.address_line1 is not None
+ or self.domain_request.city is not None
+ or self.domain_request.state_territory is not None
+ or self.domain_request.zipcode is not None
+ or self.domain_request.urbanization is not None
+ ),
+ Step.ABOUT_YOUR_ORGANIZATION: lambda self: self.domain_request.about_your_organization is not None,
+ Step.SENIOR_OFFICIAL: lambda self: self.domain_request.senior_official is not None,
+ Step.CURRENT_SITES: lambda self: (
+ self.domain_request.current_websites.exists() or self.domain_request.requested_domain is not None
+ ),
+ Step.DOTGOV_DOMAIN: lambda self: self.domain_request.requested_domain is not None,
+ Step.PURPOSE: lambda self: self.domain_request.purpose is not None,
+ Step.OTHER_CONTACTS: lambda self: (
+ self.domain_request.other_contacts.exists() or self.domain_request.no_other_contacts_rationale is not None
+ ),
+ Step.ADDITIONAL_DETAILS: lambda self: (
+ # Additional details is complete as long as "has anything else" and "has cisa rep" are not None
+ (
+ self.domain_request.has_anything_else_text is not None
+ and self.domain_request.has_cisa_representative is not None
+ )
+ ),
+ Step.REQUIREMENTS: lambda self: self.domain_request.is_policy_acknowledged is not None,
+ Step.REVIEW: lambda self: self.domain_request.is_policy_acknowledged is not None,
+ }
+
+ PORTFOLIO_UNLOCKING_STEPS = {
+ PortfolioDomainRequestStep.REQUESTING_ENTITY: lambda self: self.domain_request.organization_name is not None,
+ PortfolioDomainRequestStep.CURRENT_SITES: lambda self: (
+ self.domain_request.current_websites.exists() or self.domain_request.requested_domain is not None
+ ),
+ PortfolioDomainRequestStep.DOTGOV_DOMAIN: lambda self: self.domain_request.requested_domain is not None,
+ PortfolioDomainRequestStep.PURPOSE: lambda self: self.domain_request.purpose is not None,
+ PortfolioDomainRequestStep.ADDITIONAL_DETAILS: lambda self: self.domain_request.anything_else is not None,
+ PortfolioDomainRequestStep.REQUIREMENTS: lambda self: self.domain_request.is_policy_acknowledged is not None,
+ PortfolioDomainRequestStep.REVIEW: lambda self: self.domain_request.is_policy_acknowledged is not None,
+ }
+ # endregion
+
def __init__(self):
super().__init__()
- self.steps = StepsHelper(self)
+ self.titles = {}
+ self.wizard_conditions = {}
+ self.unlocking_steps = {}
+ self.steps = None
+ # Configure titles, wizard_conditions, unlocking_steps, and steps
+ self.configure_step_options()
self._domain_request = None # for caching
+ def configure_step_options(self):
+ """Changes which steps are available to the user based on self.is_portfolio.
+ This may change on the fly, so we need to evaluate it on the fly.
+
+ Using this information, we then set three configuration variables.
+ - self.titles => Returns the page titles for each step
+ - self.wizard_conditions => Conditionally shows / hides certain steps
+ - self.unlocking_steps => Determines what steps are locked/unlocked
+
+ Then, we create self.steps.
+ """
+ if self.is_portfolio:
+ self.titles = self.PORTFOLIO_TITLES
+ self.wizard_conditions = self.PORTFOLIO_WIZARD_CONDITIONS
+ self.unlocking_steps = self.PORTFOLIO_UNLOCKING_STEPS
+ else:
+ self.titles = self.REGULAR_TITLES
+ self.wizard_conditions = self.REGULAR_WIZARD_CONDITIONS
+ self.unlocking_steps = self.REGULAR_UNLOCKING_STEPS
+ self.steps = StepsHelper(self)
+
def has_pk(self):
"""Does this wizard know about a DomainRequest database record?"""
return "domain_request_id" in self.storage
+ def get_step_enum(self):
+ """Determines which step enum we should use for the wizard"""
+ return PortfolioDomainRequestStep if self.is_portfolio else Step
+
@property
def prefix(self):
"""Namespace the wizard to avoid clashes in session variable names."""
@@ -128,10 +226,16 @@ class DomainRequestWizard(DomainRequestWizardPermissionView, TemplateView):
# If a user is creating a request, we assume that perms are handled upstream
if self.request.user.is_org_user(self.request):
+ portfolio = self.request.session.get("portfolio")
self._domain_request = DomainRequest.objects.create(
creator=self.request.user,
- portfolio=self.request.session.get("portfolio"),
+ portfolio=portfolio,
)
+
+ # Question for reviewers: we should probably be doing this right?
+ if portfolio and not self._domain_request.generic_org_type:
+ self._domain_request.generic_org_type = portfolio.organization_type
+ self._domain_request.save()
else:
self._domain_request = DomainRequest.objects.create(creator=self.request.user)
@@ -190,6 +294,12 @@ class DomainRequestWizard(DomainRequestWizardPermissionView, TemplateView):
def get(self, request, *args, **kwargs):
"""This method handles GET requests."""
+
+ if not self.is_portfolio and self.request.user.is_org_user(request):
+ self.is_portfolio = True
+ # Configure titles, wizard_conditions, unlocking_steps, and steps
+ self.configure_step_options()
+
current_url = resolve(request.path_info).url_name
# if user visited via an "edit" url, associate the id of the
@@ -209,7 +319,7 @@ class DomainRequestWizard(DomainRequestWizardPermissionView, TemplateView):
# Clear context so the prop getter won't create a request here.
# Creating a request will be handled in the post method for the
# intro page.
- return render(request, "domain_request_intro.html", {})
+ return render(request, "domain_request_intro.html", {"hide_requests": True, "hide_domains": True})
else:
return self.goto(self.steps.first)
@@ -321,56 +431,9 @@ class DomainRequestWizard(DomainRequestWizardPermissionView, TemplateView):
return DomainRequest.objects.filter(creator=self.request.user, status__in=check_statuses)
def db_check_for_unlocking_steps(self):
- """Helper for get_context_data
-
+ """Helper for get_context_data.
Queries the DB for a domain request and returns a list of unlocked steps."""
-
- # The way this works is as follows:
- # Each step is assigned a true/false value to determine if it is
- # "unlocked" or not. This dictionary of values is looped through
- # at the end of this function and any step with a "true" value is
- # added to a simple array that is returned at the end of this function.
- # This array is eventually passed to the frontend context (eg. domain_request_sidebar.html),
- # and is used to determine how steps appear in the side nav.
- # It is worth noting that any step assigned "false" here will be EXCLUDED
- # from the list of "unlocked" steps.
-
- history_dict = {
- "generic_org_type": self.domain_request.generic_org_type is not None,
- "tribal_government": self.domain_request.tribe_name is not None,
- "organization_federal": self.domain_request.federal_type is not None,
- "organization_election": self.domain_request.is_election_board is not None,
- "organization_contact": (
- self.domain_request.federal_agency is not None
- or self.domain_request.organization_name is not None
- or self.domain_request.address_line1 is not None
- or self.domain_request.city is not None
- or self.domain_request.state_territory is not None
- or self.domain_request.zipcode is not None
- or self.domain_request.urbanization is not None
- ),
- "about_your_organization": self.domain_request.about_your_organization is not None,
- "senior_official": self.domain_request.senior_official is not None,
- "current_sites": (
- self.domain_request.current_websites.exists() or self.domain_request.requested_domain is not None
- ),
- "dotgov_domain": self.domain_request.requested_domain is not None,
- "purpose": self.domain_request.purpose is not None,
- "other_contacts": (
- self.domain_request.other_contacts.exists()
- or self.domain_request.no_other_contacts_rationale is not None
- ),
- "additional_details": (
- # Additional details is complete as long as "has anything else" and "has cisa rep" are not None
- (
- self.domain_request.has_anything_else_text is not None
- and self.domain_request.has_cisa_representative is not None
- )
- ),
- "requirements": self.domain_request.is_policy_acknowledged is not None,
- "review": self.domain_request.is_policy_acknowledged is not None,
- }
- return [key for key, value in history_dict.items() if value]
+ return [key for key, is_unlocked_checker in self.unlocking_steps.items() if is_unlocked_checker(self)]
def get_context_data(self):
"""Define context for access on all wizard pages."""
@@ -380,17 +443,22 @@ class DomainRequestWizard(DomainRequestWizardPermissionView, TemplateView):
requested_domain_name = self.domain_request.requested_domain.name
context_stuff = {}
- if DomainRequest._form_complete(self.domain_request, self.request):
+
+ # Note: we will want to consolidate the non_org_steps_complete check into the same check that
+ # org_steps_complete is using at some point.
+ non_org_steps_complete = DomainRequest._form_complete(self.domain_request, self.request)
+ org_steps_complete = len(self.db_check_for_unlocking_steps()) == len(self.steps)
+ if (not self.is_portfolio and non_org_steps_complete) or (self.is_portfolio and org_steps_complete):
modal_button = 'Submit request "
context_stuff = {
"not_form": False,
- "form_titles": self.TITLES,
+ "form_titles": self.titles,
"steps": self.steps,
"visited": self.storage.get("step_history", []),
"is_federal": self.domain_request.is_federal(),
"modal_button": modal_button,
- "modal_heading": "You are about to submit a domain request for "
- + str(self.domain_request.requested_domain),
+ "modal_heading": "You are about to submit a domain request for ",
+ "domain_name_modal": str(self.domain_request.requested_domain),
"modal_description": "Once you submit this request, you won’t be able to edit it until we review it.\
You’ll only be able to withdraw your request.",
"review_form_is_complete": True,
@@ -401,7 +469,7 @@ class DomainRequestWizard(DomainRequestWizardPermissionView, TemplateView):
modal_button = 'Return to request '
context_stuff = {
"not_form": True,
- "form_titles": self.TITLES,
+ "form_titles": self.titles,
"steps": self.steps,
"visited": self.storage.get("step_history", []),
"is_federal": self.domain_request.is_federal(),
@@ -413,14 +481,19 @@ class DomainRequestWizard(DomainRequestWizardPermissionView, TemplateView):
"user": self.request.user,
"requested_domain__name": requested_domain_name,
}
+
+ # Hides the requests and domains buttons in the navbar
+ context_stuff["hide_requests"] = self.is_portfolio
+ context_stuff["hide_domains"] = self.is_portfolio
+
return context_stuff
def get_step_list(self) -> list:
"""Dynamically generated list of steps in the form wizard."""
- return request_step_list(self)
+ return request_step_list(self, self.get_step_enum())
def goto(self, step):
- if step == "generic_org_type":
+ if step == "generic_org_type" or step == "portfolio_requesting_entity":
# We need to avoid creating a new domain request if the user
# clicks the back button
self.request.session["new_request"] = False
@@ -443,21 +516,21 @@ class DomainRequestWizard(DomainRequestWizardPermissionView, TemplateView):
def post(self, request, *args, **kwargs) -> HttpResponse:
"""This method handles POST requests."""
+ if not self.is_portfolio and self.request.user.is_org_user(request): # type: ignore
+ self.is_portfolio = True
+ # Configure titles, wizard_conditions, unlocking_steps, and steps
+ self.configure_step_options()
# which button did the user press?
button: str = request.POST.get("submit_button", "")
- # If a user hits the new request url directly
+
if "new_request" not in request.session:
request.session["new_request"] = True
+
# if user has acknowledged the intro message
if button == "intro_acknowledge":
- if request.path_info == self.NEW_URL_NAME:
-
- if self.request.session["new_request"] is True:
- # This will trigger the domain_request getter into creating a new DomainRequest
- del self.storage
-
- return self.goto(self.steps.first)
+ # Split into a function: C901 'DomainRequestWizard.post' is too complex (11)
+ self.handle_intro_acknowledge(request)
# if accessing this class directly, redirect to the first step
if self.__class__ == DomainRequestWizard:
@@ -488,6 +561,14 @@ class DomainRequestWizard(DomainRequestWizardPermissionView, TemplateView):
# otherwise, proceed as normal
return self.goto_next_step()
+ def handle_intro_acknowledge(self, request):
+ """If we are starting a new request, clear storage
+ and redirect to the first step"""
+ if request.path_info == self.NEW_URL_NAME:
+ if self.request.session["new_request"] is True:
+ del self.storage
+ return self.goto(self.steps.first)
+
def save(self, forms: list):
"""
Unpack the form responses onto the model object properties.
@@ -501,24 +582,22 @@ class DomainRequestWizard(DomainRequestWizardPermissionView, TemplateView):
# TODO - this is a WIP until the domain request experience for portfolios is complete
class PortfolioDomainRequestWizard(DomainRequestWizard):
- StepEnum: PortfolioDomainRequestStep = PortfolioDomainRequestStep # type: ignore
-
- TITLES = {
- StepEnum.REQUESTING_ENTITY: _("Requesting entity"),
- StepEnum.CURRENT_SITES: _("Current websites"),
- StepEnum.DOTGOV_DOMAIN: _(".gov domain"),
- StepEnum.PURPOSE: _("Purpose of your domain"),
- StepEnum.ADDITIONAL_DETAILS: _("Additional details"),
- StepEnum.REQUIREMENTS: _("Requirements for operating a .gov domain"),
- # Step.REVIEW: _("Review and submit your domain request"),
- }
-
- def __init__(self):
- super().__init__()
- self.steps = StepsHelper(self)
- self._domain_request = None # for caching
+ is_portfolio = True
+# Portfolio pages
+class RequestingEntity(DomainRequestWizard):
+ template_name = "domain_request_requesting_entity.html"
+ forms = [forms.RequestingEntityForm]
+
+
+class PortfolioAdditionalDetails(DomainRequestWizard):
+ template_name = "portfolio_domain_request_additional_details.html"
+
+ forms = [forms.AnythingElseForm]
+
+
+# Non-portfolio pages
class OrganizationType(DomainRequestWizard):
template_name = "domain_request_org_type.html"
forms = [forms.OrganizationTypeForm]
@@ -698,7 +777,7 @@ class Review(DomainRequestWizard):
if DomainRequest._form_complete(self.domain_request, self.request) is False:
logger.warning("User arrived at review page with an incomplete form.")
context = super().get_context_data()
- context["Step"] = Step.__members__
+ context["Step"] = self.get_step_enum().__members__
context["domain_request"] = self.domain_request
return context
@@ -899,9 +978,9 @@ class PortfolioDomainRequestStatusViewOnly(DomainRequestPortfolioViewonlyView):
# Create a temp wizard object to grab the step list
wizard = PortfolioDomainRequestWizard()
wizard.request = self.request
- context["Step"] = wizard.StepEnum.__members__
- context["steps"] = request_step_list(wizard)
- context["form_titles"] = wizard.TITLES
+ context["Step"] = PortfolioDomainRequestStep.__members__
+ context["steps"] = request_step_list(wizard, PortfolioDomainRequestStep)
+ context["form_titles"] = wizard.titles
return context
diff --git a/src/registrar/views/portfolio_members_json.py b/src/registrar/views/portfolio_members_json.py
index 133e6750e..d2f2276cf 100644
--- a/src/registrar/views/portfolio_members_json.py
+++ b/src/registrar/views/portfolio_members_json.py
@@ -1,45 +1,41 @@
from django.http import JsonResponse
from django.core.paginator import Paginator
from django.contrib.auth.decorators import login_required
-from django.db.models import Q
+from django.db.models import Value, F, CharField, TextField, Q, Case, When
+from django.db.models.functions import Concat, Coalesce
+from django.urls import reverse
+from django.db.models.functions import Cast
from registrar.models.portfolio_invitation import PortfolioInvitation
-from registrar.models.user import User
from registrar.models.user_portfolio_permission import UserPortfolioPermission
from registrar.models.utility.portfolio_helper import UserPortfolioRoleChoices
@login_required
def get_portfolio_members_json(request):
- """Given the current request,
- get all members that are associated with the given portfolio"""
+ """Fetch members (permissions and invitations) for the given portfolio."""
+
portfolio = request.GET.get("portfolio")
- member_ids = get_member_ids_from_request(request, portfolio)
- objects = User.objects.filter(id__in=member_ids)
- admin_ids = UserPortfolioPermission.objects.filter(
- portfolio=portfolio,
- roles__overlap=[
- UserPortfolioRoleChoices.ORGANIZATION_ADMIN,
- ],
- ).values_list("user__id", flat=True)
- portfolio_invitation_emails = PortfolioInvitation.objects.filter(portfolio=portfolio).values_list(
- "email", flat=True
- )
+ # Two initial querysets which will be combined
+ permissions = initial_permissions_search(portfolio)
+ invitations = initial_invitations_search(portfolio)
- unfiltered_total = objects.count()
+ # Get total across both querysets before applying filters
+ unfiltered_total = permissions.count() + invitations.count()
- objects = apply_search(objects, request)
- # objects = apply_status_filter(objects, request)
+ permissions = apply_search_term(permissions, request)
+ invitations = apply_search_term(invitations, request)
+
+ # Union the two querysets
+ objects = permissions.union(invitations)
objects = apply_sorting(objects, request)
paginator = Paginator(objects, 10)
page_number = request.GET.get("page", 1)
page_obj = paginator.get_page(page_number)
- members = [
- serialize_members(request, portfolio, member, request.user, admin_ids, portfolio_invitation_emails)
- for member in page_obj.object_list
- ]
+
+ members = [serialize_members(request, portfolio, item, request.user) for item in page_obj.object_list]
return JsonResponse(
{
@@ -54,71 +50,121 @@ def get_portfolio_members_json(request):
)
-def get_member_ids_from_request(request, portfolio):
- """Given the current request,
- get all members that are associated with the given portfolio"""
- member_ids = []
- if portfolio:
- member_ids = UserPortfolioPermission.objects.filter(portfolio=portfolio).values_list("user__id", flat=True)
- return member_ids
+def initial_permissions_search(portfolio):
+ """Perform initial search for permissions before applying any filters."""
+ permissions = UserPortfolioPermission.objects.filter(portfolio=portfolio)
+ permissions = (
+ permissions.select_related("user")
+ .annotate(
+ first_name=F("user__first_name"),
+ last_name=F("user__last_name"),
+ email_display=F("user__email"),
+ last_active=Cast(F("user__last_login"), output_field=TextField()), # Cast last_login to text
+ additional_permissions_display=F("additional_permissions"),
+ member_display=Case(
+ # If email is present and not blank, use email
+ When(Q(user__email__isnull=False) & ~Q(user__email=""), then=F("user__email")),
+ # If first name or last name is present, use concatenation of first_name + " " + last_name
+ When(
+ Q(user__first_name__isnull=False) | Q(user__last_name__isnull=False),
+ then=Concat(
+ Coalesce(F("user__first_name"), Value("")),
+ Value(" "),
+ Coalesce(F("user__last_name"), Value("")),
+ ),
+ ),
+ # If neither, use an empty string
+ default=Value(""),
+ output_field=CharField(),
+ ),
+ source=Value("permission", output_field=CharField()),
+ )
+ .values(
+ "id",
+ "first_name",
+ "last_name",
+ "email_display",
+ "last_active",
+ "roles",
+ "additional_permissions_display",
+ "member_display",
+ "source",
+ )
+ )
+ return permissions
-def apply_search(queryset, request):
- search_term = request.GET.get("search_term")
+def initial_invitations_search(portfolio):
+ """Perform initial invitations search before applying any filters."""
+ invitations = PortfolioInvitation.objects.filter(portfolio=portfolio)
+ invitations = invitations.annotate(
+ first_name=Value(None, output_field=CharField()),
+ last_name=Value(None, output_field=CharField()),
+ email_display=F("email"),
+ last_active=Value("Invited", output_field=TextField()),
+ additional_permissions_display=F("additional_permissions"),
+ member_display=F("email"),
+ source=Value("invitation", output_field=CharField()),
+ ).values(
+ "id",
+ "first_name",
+ "last_name",
+ "email_display",
+ "last_active",
+ "roles",
+ "additional_permissions_display",
+ "member_display",
+ "source",
+ )
+ return invitations
+
+def apply_search_term(queryset, request):
+ """Apply search term to the queryset."""
+ search_term = request.GET.get("search_term", "").lower()
if search_term:
queryset = queryset.filter(
- Q(username__icontains=search_term)
- | Q(first_name__icontains=search_term)
+ Q(first_name__icontains=search_term)
| Q(last_name__icontains=search_term)
- | Q(email__icontains=search_term)
+ | Q(email_display__icontains=search_term)
)
return queryset
def apply_sorting(queryset, request):
+ """Apply sorting to the queryset."""
sort_by = request.GET.get("sort_by", "id") # Default to 'id'
order = request.GET.get("order", "asc") # Default to 'asc'
-
+ # Adjust sort_by to match the annotated fields in the unioned queryset
if sort_by == "member":
- sort_by = ["email", "first_name", "middle_name", "last_name"]
- else:
- sort_by = [sort_by]
-
+ sort_by = "member_display"
if order == "desc":
- sort_by = [f"-{field}" for field in sort_by]
-
- return queryset.order_by(*sort_by)
+ queryset = queryset.order_by(F(sort_by).desc())
+ else:
+ queryset = queryset.order_by(sort_by)
+ return queryset
-def serialize_members(request, portfolio, member, user, admin_ids, portfolio_invitation_emails):
- # ------- VIEW ONLY
- # If not view_only (the user has permissions to edit/manage users), show the gear icon with "Manage" link.
- # If view_only (the user only has view user permissions), show the "View" link (no gear icon).
- # We check on user_group_permision to account for the upcoming "Manage portfolio" button on admin.
- user_can_edit_other_users = False
- for user_group_permission in ["registrar.full_access_permission", "registrar.change_user"]:
- if user.has_perm(user_group_permission):
- user_can_edit_other_users = True
- break
+def serialize_members(request, portfolio, item, user):
+ # Check if the user can edit other users
+ user_can_edit_other_users = any(
+ user.has_perm(perm) for perm in ["registrar.full_access_permission", "registrar.change_user"]
+ )
view_only = not user.has_edit_members_portfolio_permission(portfolio) or not user_can_edit_other_users
- # ------- USER STATUSES
- is_invited = member.email in portfolio_invitation_emails
- last_active = "Invited" if is_invited else "Unknown"
- if member.last_login:
- last_active = member.last_login.strftime("%b. %d, %Y")
- is_admin = member.id in admin_ids
+ is_admin = UserPortfolioRoleChoices.ORGANIZATION_ADMIN in (item.get("roles") or [])
+ action_url = reverse("member" if item["source"] == "permission" else "invitedmember", kwargs={"pk": item["id"]})
- # ------- SERIALIZE
+ # Serialize member data
member_json = {
- "id": member.id,
- "name": member.get_formatted_name(),
- "email": member.email,
+ "id": item.get("id", ""),
+ "name": " ".join(filter(None, [item.get("first_name", ""), item.get("last_name", "")])),
+ "email": item.get("email_display", ""),
+ "member_display": item.get("member_display", ""),
"is_admin": is_admin,
- "last_active": last_active,
- "action_url": "#", # reverse("members", kwargs={"pk": member.id}), # TODO: Future ticket?
+ "last_active": item.get("last_active", ""),
+ "action_url": action_url,
"action_label": ("View" if view_only else "Manage"),
"svg_icon": ("visibility" if view_only else "settings"),
}
diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index 552fdb6ff..cc1a09b25 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -3,20 +3,30 @@ from django.http import Http404
from django.shortcuts import render
from django.urls import reverse
from django.contrib import messages
-from registrar.forms.portfolio import PortfolioOrgAddressForm, PortfolioSeniorOfficialForm
+from registrar.forms.portfolio import (
+ PortfolioInvitedMemberForm,
+ PortfolioMemberForm,
+ PortfolioOrgAddressForm,
+ PortfolioSeniorOfficialForm,
+)
from registrar.models import Portfolio, User
+from registrar.models.portfolio_invitation import PortfolioInvitation
from registrar.models.user_portfolio_permission import UserPortfolioPermission
-from registrar.models.utility.portfolio_helper import UserPortfolioRoleChoices
+from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
from registrar.views.utility.permission_views import (
PortfolioDomainRequestsPermissionView,
PortfolioDomainsPermissionView,
PortfolioBasePermissionView,
NoPortfolioDomainsPermissionView,
+ PortfolioInvitedMemberEditPermissionView,
+ PortfolioInvitedMemberPermissionView,
+ PortfolioMemberEditPermissionView,
+ PortfolioMemberPermissionView,
PortfolioMembersPermissionView,
)
from django.views.generic import View
from django.views.generic.edit import FormMixin
-
+from django.shortcuts import get_object_or_404, redirect
logger = logging.getLogger(__name__)
@@ -51,6 +61,155 @@ class PortfolioMembersView(PortfolioMembersPermissionView, View):
return render(request, "portfolio_members.html")
+class PortfolioMemberView(PortfolioMemberPermissionView, View):
+
+ template_name = "portfolio_member.html"
+
+ def get(self, request, pk):
+ portfolio_permission = get_object_or_404(UserPortfolioPermission, pk=pk)
+ member = portfolio_permission.user
+
+ # We have to explicitely name these with member_ otherwise we'll have conflicts with context preprocessors
+ member_has_view_all_requests_portfolio_permission = member.has_view_all_requests_portfolio_permission(
+ portfolio_permission.portfolio
+ )
+ member_has_edit_request_portfolio_permission = member.has_edit_request_portfolio_permission(
+ portfolio_permission.portfolio
+ )
+ member_has_view_members_portfolio_permission = member.has_view_members_portfolio_permission(
+ portfolio_permission.portfolio
+ )
+ member_has_edit_members_portfolio_permission = member.has_edit_members_portfolio_permission(
+ portfolio_permission.portfolio
+ )
+
+ return render(
+ request,
+ self.template_name,
+ {
+ "edit_url": reverse("member-permissions", args=[pk]),
+ "portfolio_permission": portfolio_permission,
+ "member": member,
+ "member_has_view_all_requests_portfolio_permission": member_has_view_all_requests_portfolio_permission,
+ "member_has_edit_request_portfolio_permission": member_has_edit_request_portfolio_permission,
+ "member_has_view_members_portfolio_permission": member_has_view_members_portfolio_permission,
+ "member_has_edit_members_portfolio_permission": member_has_edit_members_portfolio_permission,
+ },
+ )
+
+
+class PortfolioMemberEditView(PortfolioMemberEditPermissionView, View):
+
+ template_name = "portfolio_member_permissions.html"
+ form_class = PortfolioMemberForm
+
+ def get(self, request, pk):
+ portfolio_permission = get_object_or_404(UserPortfolioPermission, pk=pk)
+ user = portfolio_permission.user
+
+ form = self.form_class(instance=portfolio_permission)
+
+ return render(
+ request,
+ self.template_name,
+ {
+ "form": form,
+ "member": user,
+ },
+ )
+
+ def post(self, request, pk):
+ portfolio_permission = get_object_or_404(UserPortfolioPermission, pk=pk)
+ user = portfolio_permission.user
+
+ form = self.form_class(request.POST, instance=portfolio_permission)
+
+ if form.is_valid():
+ form.save()
+ return redirect("member", pk=pk)
+
+ return render(
+ request,
+ self.template_name,
+ {
+ "form": form,
+ "member": user, # Pass the user object again to the template
+ },
+ )
+
+
+class PortfolioInvitedMemberView(PortfolioInvitedMemberPermissionView, View):
+
+ template_name = "portfolio_member.html"
+ # form_class = PortfolioInvitedMemberForm
+
+ def get(self, request, pk):
+ portfolio_invitation = get_object_or_404(PortfolioInvitation, pk=pk)
+ # form = self.form_class(instance=portfolio_invitation)
+
+ # We have to explicitely name these with member_ otherwise we'll have conflicts with context preprocessors
+ member_has_view_all_requests_portfolio_permission = (
+ UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS in portfolio_invitation.get_portfolio_permissions()
+ )
+ member_has_edit_request_portfolio_permission = (
+ UserPortfolioPermissionChoices.EDIT_REQUESTS in portfolio_invitation.get_portfolio_permissions()
+ )
+ member_has_view_members_portfolio_permission = (
+ UserPortfolioPermissionChoices.VIEW_MEMBERS in portfolio_invitation.get_portfolio_permissions()
+ )
+ member_has_edit_members_portfolio_permission = (
+ UserPortfolioPermissionChoices.EDIT_MEMBERS in portfolio_invitation.get_portfolio_permissions()
+ )
+
+ return render(
+ request,
+ self.template_name,
+ {
+ "edit_url": reverse("invitedmember-permissions", args=[pk]),
+ "portfolio_invitation": portfolio_invitation,
+ "member_has_view_all_requests_portfolio_permission": member_has_view_all_requests_portfolio_permission,
+ "member_has_edit_request_portfolio_permission": member_has_edit_request_portfolio_permission,
+ "member_has_view_members_portfolio_permission": member_has_view_members_portfolio_permission,
+ "member_has_edit_members_portfolio_permission": member_has_edit_members_portfolio_permission,
+ },
+ )
+
+
+class PortfolioInvitedMemberEditView(PortfolioInvitedMemberEditPermissionView, View):
+
+ template_name = "portfolio_member_permissions.html"
+ form_class = PortfolioInvitedMemberForm
+
+ def get(self, request, pk):
+ portfolio_invitation = get_object_or_404(PortfolioInvitation, pk=pk)
+ form = self.form_class(instance=portfolio_invitation)
+
+ return render(
+ request,
+ self.template_name,
+ {
+ "form": form,
+ "invitation": portfolio_invitation,
+ },
+ )
+
+ def post(self, request, pk):
+ portfolio_invitation = get_object_or_404(PortfolioInvitation, pk=pk)
+ form = self.form_class(request.POST, instance=portfolio_invitation)
+ if form.is_valid():
+ form.save()
+ return redirect("invitedmember", pk=pk)
+
+ return render(
+ request,
+ self.template_name,
+ {
+ "form": form,
+ "invitation": portfolio_invitation, # Pass the user object again to the template
+ },
+ )
+
+
class PortfolioNoDomainsView(NoPortfolioDomainsPermissionView, View):
"""Some users have access to the underlying portfolio, but not any domains.
This is a custom view which explains that to the user - and denotes who to contact.
diff --git a/src/registrar/views/utility/api_views.py b/src/registrar/views/utility/api_views.py
index f9522e2e9..9d73b5197 100644
--- a/src/registrar/views/utility/api_views.py
+++ b/src/registrar/views/utility/api_views.py
@@ -4,7 +4,7 @@ from django.forms.models import model_to_dict
from registrar.models import FederalAgency, SeniorOfficial, DomainRequest
from django.contrib.admin.views.decorators import staff_member_required
from django.contrib.auth.decorators import login_required
-from registrar.utility.admin_helpers import get_all_action_needed_reason_emails
+from registrar.utility.admin_helpers import get_action_needed_reason_default_email, get_rejection_reason_default_email
from registrar.models.portfolio import Portfolio
from registrar.utility.constants import BranchChoices
@@ -88,5 +88,30 @@ def get_action_needed_email_for_user_json(request):
return JsonResponse({"error": "No domain_request_id specified"}, status=404)
domain_request = DomainRequest.objects.filter(id=domain_request_id).first()
- emails = get_all_action_needed_reason_emails(request, domain_request)
- return JsonResponse({"action_needed_email": emails.get(reason)}, status=200)
+
+ email = get_action_needed_reason_default_email(domain_request, reason)
+ return JsonResponse({"email": email}, status=200)
+
+
+@login_required
+@staff_member_required
+def get_rejection_email_for_user_json(request):
+ """Returns a default rejection email for a given user"""
+
+ # This API is only accessible to admins and analysts
+ superuser_perm = request.user.has_perm("registrar.full_access_permission")
+ analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
+ if not request.user.is_authenticated or not any([analyst_perm, superuser_perm]):
+ return JsonResponse({"error": "You do not have access to this resource"}, status=403)
+
+ reason = request.GET.get("reason")
+ domain_request_id = request.GET.get("domain_request_id")
+ if not reason:
+ return JsonResponse({"error": "No reason specified"}, status=404)
+
+ if not domain_request_id:
+ return JsonResponse({"error": "No domain_request_id specified"}, status=404)
+
+ domain_request = DomainRequest.objects.filter(id=domain_request_id).first()
+ email = get_rejection_reason_default_email(domain_request, reason)
+ return JsonResponse({"email": email}, status=200)
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 2cb2a599b..9cee2f61a 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -384,10 +384,32 @@ class DomainRequestWizardPermission(PermissionsLoginMixin):
The user is in self.request.user
"""
+ if not self.request.user.is_authenticated:
+ return False
+
# The user has an ineligible flag
if self.request.user.is_restricted():
return False
+ # If the user is an org user and doesn't have add/edit perms, forbid this
+ if self.request.user.is_org_user(self.request):
+ portfolio = self.request.session.get("portfolio")
+ if not self.request.user.has_edit_request_portfolio_permission(portfolio):
+ return False
+
+ # user needs to be the creator of the domain request to edit it.
+ id = self.kwargs.get("id") if hasattr(self, "kwargs") else None
+ if not id:
+ domain_request_wizard = self.request.session.get("wizard_domain_request")
+ if domain_request_wizard:
+ id = domain_request_wizard.get("domain_request_id")
+
+ # If no id is provided, we can assume that the user is starting a new request.
+ # If one IS provided, check that they are the original creator of it.
+ if id:
+ if not DomainRequest.objects.filter(creator=self.request.user, id=id).exists():
+ return False
+
return True
@@ -490,7 +512,81 @@ class PortfolioMembersPermission(PortfolioBasePermission):
up from the portfolio's primary key in self.kwargs["pk"]"""
portfolio = self.request.session.get("portfolio")
- if not self.request.user.has_view_members_portfolio_permission(portfolio):
+ if not self.request.user.has_view_members_portfolio_permission(
+ portfolio
+ ) and not self.request.user.has_edit_members_portfolio_permission(portfolio):
+ return False
+
+ return super().has_permission()
+
+
+class PortfolioMemberPermission(PortfolioBasePermission):
+ """Permission mixin that allows access to portfolio member pages if user
+ has access, otherwise 403"""
+
+ def has_permission(self):
+ """Check if this user has access to members for this portfolio.
+
+ The user is in self.request.user and the portfolio can be looked
+ up from the portfolio's primary key in self.kwargs["pk"]"""
+
+ portfolio = self.request.session.get("portfolio")
+ if not self.request.user.has_view_members_portfolio_permission(
+ portfolio
+ ) and not self.request.user.has_edit_members_portfolio_permission(portfolio):
+ return False
+
+ return super().has_permission()
+
+
+class PortfolioMemberEditPermission(PortfolioBasePermission):
+ """Permission mixin that allows access to portfolio member pages if user
+ has access to edit, otherwise 403"""
+
+ def has_permission(self):
+ """Check if this user has access to members for this portfolio.
+
+ The user is in self.request.user and the portfolio can be looked
+ up from the portfolio's primary key in self.kwargs["pk"]"""
+
+ portfolio = self.request.session.get("portfolio")
+ if not self.request.user.has_edit_members_portfolio_permission(portfolio):
+ return False
+
+ return super().has_permission()
+
+
+class PortfolioInvitedMemberPermission(PortfolioBasePermission):
+ """Permission mixin that allows access to portfolio invited member pages if user
+ has access, otherwise 403"""
+
+ def has_permission(self):
+ """Check if this user has access to members for this portfolio.
+
+ The user is in self.request.user and the portfolio can be looked
+ up from the portfolio's primary key in self.kwargs["pk"]"""
+
+ portfolio = self.request.session.get("portfolio")
+ if not self.request.user.has_view_members_portfolio_permission(
+ portfolio
+ ) and not self.request.user.has_edit_members_portfolio_permission(portfolio):
+ return False
+
+ return super().has_permission()
+
+
+class PortfolioInvitedMemberEditPermission(PortfolioBasePermission):
+ """Permission mixin that allows access to portfolio invited member pages if user
+ has access to edit, otherwise 403"""
+
+ def has_permission(self):
+ """Check if this user has access to members for this portfolio.
+
+ The user is in self.request.user and the portfolio can be looked
+ up from the portfolio's primary key in self.kwargs["pk"]"""
+
+ portfolio = self.request.session.get("portfolio")
+ if not self.request.user.has_edit_members_portfolio_permission(portfolio):
return False
return super().has_permission()
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index 414e58275..c1d25d691 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -15,10 +15,14 @@ from .mixins import (
DomainRequestWizardPermission,
PortfolioDomainRequestsPermission,
PortfolioDomainsPermission,
+ PortfolioInvitedMemberEditPermission,
+ PortfolioInvitedMemberPermission,
+ PortfolioMemberEditPermission,
UserDeleteDomainRolePermission,
UserProfilePermission,
PortfolioBasePermission,
PortfolioMembersPermission,
+ PortfolioMemberPermission,
DomainRequestPortfolioViewonlyPermission,
)
import logging
@@ -253,7 +257,41 @@ class PortfolioDomainRequestsPermissionView(PortfolioDomainRequestsPermission, P
class PortfolioMembersPermissionView(PortfolioMembersPermission, PortfolioBasePermissionView, abc.ABC):
- """Abstract base view for portfolio domain request views that enforces permissions.
+ """Abstract base view for portfolio members views that enforces permissions.
+
+ This abstract view cannot be instantiated. Actual views must specify
+ `template_name`.
+ """
+
+
+class PortfolioMemberPermissionView(PortfolioMemberPermission, PortfolioBasePermissionView, abc.ABC):
+ """Abstract base view for portfolio member views that enforces permissions.
+
+ This abstract view cannot be instantiated. Actual views must specify
+ `template_name`.
+ """
+
+
+class PortfolioMemberEditPermissionView(PortfolioMemberEditPermission, PortfolioBasePermissionView, abc.ABC):
+ """Abstract base view for portfolio member edit views that enforces permissions.
+
+ This abstract view cannot be instantiated. Actual views must specify
+ `template_name`.
+ """
+
+
+class PortfolioInvitedMemberPermissionView(PortfolioInvitedMemberPermission, PortfolioBasePermissionView, abc.ABC):
+ """Abstract base view for portfolio member views that enforces permissions.
+
+ This abstract view cannot be instantiated. Actual views must specify
+ `template_name`.
+ """
+
+
+class PortfolioInvitedMemberEditPermissionView(
+ PortfolioInvitedMemberEditPermission, PortfolioBasePermissionView, abc.ABC
+):
+ """Abstract base view for portfolio member edit views that enforces permissions.
This abstract view cannot be instantiated. Actual views must specify
`template_name`.
diff --git a/src/zap.conf b/src/zap.conf
index dd9ae1565..1f0548f2d 100644
--- a/src/zap.conf
+++ b/src/zap.conf
@@ -71,6 +71,7 @@
10038 OUTOFSCOPE http://app:8080/domain_requests/
10038 OUTOFSCOPE http://app:8080/domains/
10038 OUTOFSCOPE http://app:8080/organization/
+10038 OUTOFSCOPE http://app:8080/permissions
10038 OUTOFSCOPE http://app:8080/suborganization/
10038 OUTOFSCOPE http://app:8080/transfer/
# This URL always returns 404, so include it as well.
Edit email