From 1770bd93294db178a563b876009c78cc89fcbabf Mon Sep 17 00:00:00 2001 From: zandercymatics <141044360+zandercymatics@users.noreply.github.com> Date: Fri, 1 Dec 2023 14:08:18 -0700 Subject: [PATCH 1/9] Allow analysts to view userdomainrole --- src/registrar/models/user_group.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/registrar/models/user_group.py b/src/registrar/models/user_group.py index cf261286e..e9db70380 100644 --- a/src/registrar/models/user_group.py +++ b/src/registrar/models/user_group.py @@ -61,6 +61,11 @@ class UserGroup(Group): "model": "website", "permissions": ["change_website"], }, + { + "app_label": "registrar", + "model": "userdomainrole", + "permissions": ["view_userdomainrole"], + }, ] # Avoid error: You can't execute queries until the end From 86bb3073d7e4df0e5ae83d7a1b7604ec188837f5 Mon Sep 17 00:00:00 2001 From: zandercymatics <141044360+zandercymatics@users.noreply.github.com> Date: Fri, 1 Dec 2023 14:19:25 -0700 Subject: [PATCH 2/9] Fix test --- src/registrar/tests/test_migrations.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/registrar/tests/test_migrations.py b/src/registrar/tests/test_migrations.py index 59e724387..22b0ed509 100644 --- a/src/registrar/tests/test_migrations.py +++ b/src/registrar/tests/test_migrations.py @@ -42,6 +42,7 @@ class TestGroups(TestCase): "analyst_access_permission", "change_user", "change_website", + "view_userdomainrole" ] # Get the codenames of actual permissions associated with the group From 23a208d2aa8f7646218fe3a8f401ec82eb5b1577 Mon Sep 17 00:00:00 2001 From: zandercymatics <141044360+zandercymatics@users.noreply.github.com> Date: Fri, 1 Dec 2023 14:24:19 -0700 Subject: [PATCH 3/9] Update test_migrations.py --- src/registrar/tests/test_migrations.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/registrar/tests/test_migrations.py b/src/registrar/tests/test_migrations.py index 22b0ed509..05fc8fb17 100644 --- a/src/registrar/tests/test_migrations.py +++ b/src/registrar/tests/test_migrations.py @@ -41,8 +41,8 @@ class TestGroups(TestCase): "change_draftdomain", "analyst_access_permission", "change_user", - "change_website", - "view_userdomainrole" + "view_userdomainrole", + "change_website" ] # Get the codenames of actual permissions associated with the group From 1e48c0b222ce982b67c4e465a90b2775fc73ac09 Mon Sep 17 00:00:00 2001 From: zandercymatics <141044360+zandercymatics@users.noreply.github.com> Date: Fri, 1 Dec 2023 14:35:53 -0700 Subject: [PATCH 4/9] Add delete role --- src/registrar/models/user_group.py | 2 +- src/registrar/tests/test_migrations.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/registrar/models/user_group.py b/src/registrar/models/user_group.py index e9db70380..0f12a2e84 100644 --- a/src/registrar/models/user_group.py +++ b/src/registrar/models/user_group.py @@ -64,7 +64,7 @@ class UserGroup(Group): { "app_label": "registrar", "model": "userdomainrole", - "permissions": ["view_userdomainrole"], + "permissions": ["view_userdomainrole", "delete_userdomainrole"], }, ] diff --git a/src/registrar/tests/test_migrations.py b/src/registrar/tests/test_migrations.py index 05fc8fb17..69040fe0e 100644 --- a/src/registrar/tests/test_migrations.py +++ b/src/registrar/tests/test_migrations.py @@ -41,6 +41,7 @@ class TestGroups(TestCase): "change_draftdomain", "analyst_access_permission", "change_user", + "delete_userdomainrole", "view_userdomainrole", "change_website" ] From f0d0188c532f9f02f923e813d86e5734f850c69b Mon Sep 17 00:00:00 2001 From: zandercymatics <141044360+zandercymatics@users.noreply.github.com> Date: Fri, 1 Dec 2023 14:39:54 -0700 Subject: [PATCH 5/9] Linting --- src/registrar/tests/test_migrations.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/registrar/tests/test_migrations.py b/src/registrar/tests/test_migrations.py index 69040fe0e..cc9d379e5 100644 --- a/src/registrar/tests/test_migrations.py +++ b/src/registrar/tests/test_migrations.py @@ -43,7 +43,7 @@ class TestGroups(TestCase): "change_user", "delete_userdomainrole", "view_userdomainrole", - "change_website" + "change_website", ] # Get the codenames of actual permissions associated with the group From 125758183b426160313aa52e9fec25acefbfcab2 Mon Sep 17 00:00:00 2001 From: zandercymatics <141044360+zandercymatics@users.noreply.github.com> Date: Tue, 5 Dec 2023 09:02:33 -0700 Subject: [PATCH 6/9] Add migration --- .../migrations/0049_create_groups_v03.py | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 src/registrar/migrations/0049_create_groups_v03.py diff --git a/src/registrar/migrations/0049_create_groups_v03.py b/src/registrar/migrations/0049_create_groups_v03.py new file mode 100644 index 000000000..c8f471ea0 --- /dev/null +++ b/src/registrar/migrations/0049_create_groups_v03.py @@ -0,0 +1,37 @@ +# This migration creates the create_full_access_group and create_cisa_analyst_group groups +# It is dependent on 0035 (which populates ContentType and Permissions) +# If permissions on the groups need changing, edit CISA_ANALYST_GROUP_PERMISSIONS +# in the user_group model then: +# [NOT RECOMMENDED] +# step 1: docker-compose exec app ./manage.py migrate --fake registrar 0035_contenttypes_permissions +# step 2: docker-compose exec app ./manage.py migrate registrar 0036_create_groups +# step 3: fake run the latest migration in the migrations list +# [RECOMMENDED] +# Alternatively: +# step 1: duplicate the migration that loads data +# step 2: docker-compose exec app ./manage.py migrate + +from django.db import migrations +from registrar.models import UserGroup +from typing import Any + + +# For linting: RunPython expects a function reference, +# so let's give it one +def create_groups(apps, schema_editor) -> Any: + UserGroup.create_cisa_analyst_group(apps, schema_editor) + UserGroup.create_full_access_group(apps, schema_editor) + + +class Migration(migrations.Migration): + dependencies = [ + ("registrar", "0048_alter_transitiondomain_status"), + ] + + operations = [ + migrations.RunPython( + create_groups, + reverse_code=migrations.RunPython.noop, + atomic=True, + ), + ] From b7265598ba683f18fa24fc85676b8b1ae638cf7e Mon Sep 17 00:00:00 2001 From: zandercymatics <141044360+zandercymatics@users.noreply.github.com> Date: Tue, 5 Dec 2023 09:27:55 -0700 Subject: [PATCH 7/9] Rename migration --- .../{0049_create_groups_v03.py => 0049_create_groups_v05.py} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename src/registrar/migrations/{0049_create_groups_v03.py => 0049_create_groups_v05.py} (100%) diff --git a/src/registrar/migrations/0049_create_groups_v03.py b/src/registrar/migrations/0049_create_groups_v05.py similarity index 100% rename from src/registrar/migrations/0049_create_groups_v03.py rename to src/registrar/migrations/0049_create_groups_v05.py From d3580371799d0bcc0706e34d710a239bb5003d68 Mon Sep 17 00:00:00 2001 From: zandercymatics <141044360+zandercymatics@users.noreply.github.com> Date: Wed, 6 Dec 2023 08:49:43 -0700 Subject: [PATCH 8/9] Fix redirect bug --- src/registrar/admin.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/registrar/admin.py b/src/registrar/admin.py index 2f9bc97c5..ddaaf15c2 100644 --- a/src/registrar/admin.py +++ b/src/registrar/admin.py @@ -1,6 +1,7 @@ import logging from django import forms from django.http import HttpResponse +from django.shortcuts import redirect from django_fsm import get_available_FIELD_transitions from django.contrib import admin, messages from django.contrib.auth.admin import UserAdmin as BaseUserAdmin @@ -342,6 +343,17 @@ class UserDomainRoleAdmin(ListHeaderAdmin): autocomplete_fields = ["user", "domain"] + # Fixes a bug where non-superusers are redirected to the main page + def delete_view(self, request, object_id, extra_context=None): + """Custom delete_view implementation that specifies redirect behaviour""" + response = super().delete_view(request, object_id, extra_context) + + if isinstance(response, HttpResponseRedirect) and not request.user.has_perm("registrar.full_access_permission"): + url = reverse("admin:registrar_userdomainrole_changelist") + return redirect(url) + else: + return response + class DomainInvitationAdmin(ListHeaderAdmin): """Custom domain invitation admin class.""" From 8fa978833d76eccd15d922e3800439ae0cfbc2fd Mon Sep 17 00:00:00 2001 From: zandercymatics <141044360+zandercymatics@users.noreply.github.com> Date: Wed, 6 Dec 2023 08:58:44 -0700 Subject: [PATCH 9/9] Fix migrations --- .../{0049_create_groups_v05.py => 0053_create_groups_v05.py} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename src/registrar/migrations/{0049_create_groups_v05.py => 0053_create_groups_v05.py} (94%) diff --git a/src/registrar/migrations/0049_create_groups_v05.py b/src/registrar/migrations/0053_create_groups_v05.py similarity index 94% rename from src/registrar/migrations/0049_create_groups_v05.py rename to src/registrar/migrations/0053_create_groups_v05.py index c8f471ea0..aaf74a9db 100644 --- a/src/registrar/migrations/0049_create_groups_v05.py +++ b/src/registrar/migrations/0053_create_groups_v05.py @@ -25,7 +25,7 @@ def create_groups(apps, schema_editor) -> Any: class Migration(migrations.Migration): dependencies = [ - ("registrar", "0048_alter_transitiondomain_status"), + ("registrar", "0052_alter_domainapplication_anything_else_and_more"), ] operations = [