diff --git a/src/registrar/decorators.py b/src/registrar/decorators.py index 517985b6d..37bdabccd 100644 --- a/src/registrar/decorators.py +++ b/src/registrar/decorators.py @@ -138,7 +138,6 @@ def _user_has_permission(user, request, rules, **kwargs): if not any(conditions_met) and HAS_PORTFOLIO_DOMAIN_REQUESTS_EDIT in rules: domain_request_id = kwargs.get("domain_request_pk") has_permission = _has_portfolio_domain_requests_edit(user, request, domain_request_id) - print(has_permission) conditions_met.append(has_permission) if not any(conditions_met) and HAS_PORTFOLIO_MEMBERS_ANY_PERM in rules: diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py index 9447d211f..aadb85c66 100644 --- a/src/registrar/tests/test_admin.py +++ b/src/registrar/tests/test_admin.py @@ -3834,8 +3834,6 @@ class TestTransferUser(WebTest): self.assertContains(after_submit, "

Change user

") - print(mock_success_message.call_args_list) - mock_success_message.assert_any_call( ANY, ( diff --git a/src/registrar/tests/test_url_auth.py b/src/registrar/tests/test_url_auth.py index 17b13c233..7e0193e1d 100644 --- a/src/registrar/tests/test_url_auth.py +++ b/src/registrar/tests/test_url_auth.py @@ -85,7 +85,6 @@ def iter_sample_urls(urlconf): if not viewname: continue if viewname == "auth_user_password_change": - print(route) break named_groups = route.regex.groupindex.keys() kwargs = {} diff --git a/src/registrar/tests/test_views_domains_json.py b/src/registrar/tests/test_views_domains_json.py index fe63f27de..5ce308e74 100644 --- a/src/registrar/tests/test_views_domains_json.py +++ b/src/registrar/tests/test_views_domains_json.py @@ -104,7 +104,7 @@ class GetDomainsJsonTest(TestWithUser, WebTest): self.assertEqual(expected_domain.state_display(), state_displays[i]) self.assertEqual(expected_domain.get_state_help_text(), get_state_help_texts[i]) - self.assertEqual(reverse("domain", kwargs={"pk": expected_domain.id}), action_urls[i]) + self.assertEqual(reverse("domain", kwargs={"domain_pk": expected_domain.id}), action_urls[i]) # Check action_label action_label_expected = ( @@ -185,7 +185,7 @@ class GetDomainsJsonTest(TestWithUser, WebTest): self.assertEqual(expected_domain.state_display(), state_displays[i]) self.assertEqual(expected_domain.get_state_help_text(), get_state_help_texts[i]) - self.assertEqual(reverse("domain", kwargs={"pk": expected_domain.id}), action_urls[i]) + self.assertEqual(reverse("domain", kwargs={"domain_pk": expected_domain.id}), action_urls[i]) # Check action_label user_domain_role_exists = UserDomainRole.objects.filter( @@ -272,7 +272,7 @@ class GetDomainsJsonTest(TestWithUser, WebTest): self.assertEqual(expected_domain.state_display(), state_displays[i]) self.assertEqual(expected_domain.get_state_help_text(), get_state_help_texts[i]) - self.assertEqual(reverse("domain", kwargs={"pk": expected_domain.id}), action_urls[i]) + self.assertEqual(reverse("domain", kwargs={"domain_pk": expected_domain.id}), action_urls[i]) # Check action_label user_domain_role_exists = UserDomainRole.objects.filter( diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py index 097aa1879..9de6fbbf2 100644 --- a/src/registrar/tests/test_views_portfolio.py +++ b/src/registrar/tests/test_views_portfolio.py @@ -1320,7 +1320,7 @@ class TestPortfolio(WebTest): self.client.force_login(self.user) # Perform delete - response = self.client.post(reverse("domain-request-delete", kwargs={"pk": domain_request.pk}), follow=True) + response = self.client.post(reverse("domain-request-delete", kwargs={"domain_request_pk": domain_request.pk}), follow=True) # Check that the response is 200 self.assertEqual(response.status_code, 200) @@ -1354,7 +1354,7 @@ class TestPortfolio(WebTest): self.client.force_login(self.user) # Attempt to delete - response = self.client.post(reverse("domain-request-delete", kwargs={"pk": domain_request.pk}), follow=True) + response = self.client.post(reverse("domain-request-delete", kwargs={"domain_request_pk": domain_request.pk}), follow=True) # Check response is 403 Forbidden self.assertEqual(response.status_code, 403) @@ -1389,7 +1389,7 @@ class TestPortfolio(WebTest): self.client.force_login(self.user) # Perform delete as self.user - response = self.client.post(reverse("domain-request-delete", kwargs={"pk": domain_request.pk}), follow=True) + response = self.client.post(reverse("domain-request-delete", kwargs={"domain_request_pk": domain_request.pk}), follow=True) # Check response is 403 Forbidden self.assertEqual(response.status_code, 403) @@ -3244,7 +3244,7 @@ class TestRequestingEntity(WebTest): def test_requesting_entity_page_errors(self): """Tests that we get the expected form errors on requesting entity""" domain_request = completed_domain_request(user=self.user, portfolio=self.portfolio) - response = self.app.get(reverse("edit-domain-request", kwargs={"id": domain_request.pk})).follow() + response = self.app.get(reverse("edit-domain-request", kwargs={"domain_request_pk": domain_request.pk})).follow() form = response.forms[0] session_id = self.app.cookies[settings.SESSION_COOKIE_NAME] self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id) @@ -3334,7 +3334,7 @@ class TestRequestingEntity(WebTest): domain_request.submit() - response = self.app.get(reverse("domain-request-status-viewonly", kwargs={"pk": domain_request.pk})) + response = self.app.get(reverse("domain-request-status-viewonly", kwargs={"domain_request_pk": domain_request.pk})) self.assertContains(response, "Requesting entity") self.assertContains(response, "moon") self.assertContains(response, "kepler, AL") @@ -3359,7 +3359,7 @@ class TestRequestingEntity(WebTest): domain_request.submit() - response = self.app.get(reverse("domain-request-status", kwargs={"pk": domain_request.pk})) + response = self.app.get(reverse("domain-request-status", kwargs={"domain_request_pk": domain_request.pk})) self.assertContains(response, "Requesting entity") self.assertContains(response, "moon") self.assertContains(response, "kepler, AL") diff --git a/src/registrar/views/domain_request.py b/src/registrar/views/domain_request.py index 23596f2ad..7a0ce6d3c 100644 --- a/src/registrar/views/domain_request.py +++ b/src/registrar/views/domain_request.py @@ -1,12 +1,13 @@ import logging from collections import defaultdict +from django.contrib import messages +from django.contrib.auth.mixins import PermissionRequiredMixin from django.http import Http404, HttpResponse, HttpResponseRedirect from django.shortcuts import redirect, render from django.urls import resolve, reverse from django.utils.safestring import mark_safe from django.utils.translation import gettext_lazy as _ from django.views.generic import DeleteView, DetailView, TemplateView -from django.contrib import messages from registrar.decorators import ( HAS_PORTFOLIO_DOMAIN_REQUESTS_EDIT, HAS_PORTFOLIO_DOMAIN_REQUESTS_VIEW_ALL, @@ -880,7 +881,7 @@ class DomainRequestWithdrawn(DetailView): @grant_access(IS_DOMAIN_REQUEST_CREATOR, HAS_PORTFOLIO_DOMAIN_REQUESTS_EDIT) -class DomainRequestDeleteView(DeleteView): +class DomainRequestDeleteView(PermissionRequiredMixin, DeleteView): """Delete view for home that allows the end user to delete DomainRequests""" object: DomainRequest # workaround for type mismatch in DeleteView @@ -895,6 +896,12 @@ class DomainRequestDeleteView(DeleteView): if status not in valid_statuses: return False + # Portfolio users cannot delete their requests if they aren't permissioned to do so + if self.request.user.is_org_user(self.request): + portfolio = self.request.session.get("portfolio") + if not self.request.user.has_edit_request_portfolio_permission(portfolio): + return False + return True def get_success_url(self): diff --git a/src/registrar/views/utility/error_views.py b/src/registrar/views/utility/error_views.py index 4f9635d09..8e54170c9 100644 --- a/src/registrar/views/utility/error_views.py +++ b/src/registrar/views/utility/error_views.py @@ -39,7 +39,6 @@ def custom_403_error_view(request, exception=None, context=None): def custom_404_error_view(request, exception=None, context=None): """Used to redirect 404 errors to a custom view""" - print("this is called") if context is None: context = {} return render(request, "404.html", context=context, status=404)