diff --git a/src/registrar/admin.py b/src/registrar/admin.py index 3db706c94..518c67869 100644 --- a/src/registrar/admin.py +++ b/src/registrar/admin.py @@ -1,6 +1,7 @@ import logging from django import forms from django.http import HttpResponse +from django.shortcuts import redirect from django_fsm import get_available_FIELD_transitions from django.contrib import admin, messages from django.contrib.auth.admin import UserAdmin as BaseUserAdmin @@ -360,6 +361,17 @@ class UserDomainRoleAdmin(ListHeaderAdmin): autocomplete_fields = ["user", "domain"] + # Fixes a bug where non-superusers are redirected to the main page + def delete_view(self, request, object_id, extra_context=None): + """Custom delete_view implementation that specifies redirect behaviour""" + response = super().delete_view(request, object_id, extra_context) + + if isinstance(response, HttpResponseRedirect) and not request.user.has_perm("registrar.full_access_permission"): + url = reverse("admin:registrar_userdomainrole_changelist") + return redirect(url) + else: + return response + class DomainInvitationAdmin(ListHeaderAdmin): """Custom domain invitation admin class.""" diff --git a/src/registrar/migrations/0053_create_groups_v05.py b/src/registrar/migrations/0053_create_groups_v05.py new file mode 100644 index 000000000..aaf74a9db --- /dev/null +++ b/src/registrar/migrations/0053_create_groups_v05.py @@ -0,0 +1,37 @@ +# This migration creates the create_full_access_group and create_cisa_analyst_group groups +# It is dependent on 0035 (which populates ContentType and Permissions) +# If permissions on the groups need changing, edit CISA_ANALYST_GROUP_PERMISSIONS +# in the user_group model then: +# [NOT RECOMMENDED] +# step 1: docker-compose exec app ./manage.py migrate --fake registrar 0035_contenttypes_permissions +# step 2: docker-compose exec app ./manage.py migrate registrar 0036_create_groups +# step 3: fake run the latest migration in the migrations list +# [RECOMMENDED] +# Alternatively: +# step 1: duplicate the migration that loads data +# step 2: docker-compose exec app ./manage.py migrate + +from django.db import migrations +from registrar.models import UserGroup +from typing import Any + + +# For linting: RunPython expects a function reference, +# so let's give it one +def create_groups(apps, schema_editor) -> Any: + UserGroup.create_cisa_analyst_group(apps, schema_editor) + UserGroup.create_full_access_group(apps, schema_editor) + + +class Migration(migrations.Migration): + dependencies = [ + ("registrar", "0052_alter_domainapplication_anything_else_and_more"), + ] + + operations = [ + migrations.RunPython( + create_groups, + reverse_code=migrations.RunPython.noop, + atomic=True, + ), + ] diff --git a/src/registrar/models/user_group.py b/src/registrar/models/user_group.py index cf261286e..0f12a2e84 100644 --- a/src/registrar/models/user_group.py +++ b/src/registrar/models/user_group.py @@ -61,6 +61,11 @@ class UserGroup(Group): "model": "website", "permissions": ["change_website"], }, + { + "app_label": "registrar", + "model": "userdomainrole", + "permissions": ["view_userdomainrole", "delete_userdomainrole"], + }, ] # Avoid error: You can't execute queries until the end diff --git a/src/registrar/tests/test_migrations.py b/src/registrar/tests/test_migrations.py index 59e724387..cc9d379e5 100644 --- a/src/registrar/tests/test_migrations.py +++ b/src/registrar/tests/test_migrations.py @@ -41,6 +41,8 @@ class TestGroups(TestCase): "change_draftdomain", "analyst_access_permission", "change_user", + "delete_userdomainrole", + "view_userdomainrole", "change_website", ]