Merge branch 'main' into za/1001-update-to-use-sentence-case

src/registrar/admin.py

@@ -1,6 +1,7 @@
 import logging
 from django import forms
 from django.http import HttpResponse
+from django.shortcuts import redirect
 from django_fsm import get_available_FIELD_transitions
 from django.contrib import admin, messages
 from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
@@ -360,6 +361,17 @@ class UserDomainRoleAdmin(ListHeaderAdmin):
 
     autocomplete_fields = ["user", "domain"]
 
+    # Fixes a bug where non-superusers are redirected to the main page
+    def delete_view(self, request, object_id, extra_context=None):
+        """Custom delete_view implementation that specifies redirect behaviour"""
+        response = super().delete_view(request, object_id, extra_context)
+
+        if isinstance(response, HttpResponseRedirect) and not request.user.has_perm("registrar.full_access_permission"):
+            url = reverse("admin:registrar_userdomainrole_changelist")
+            return redirect(url)
+        else:
+            return response
+
 
 class DomainInvitationAdmin(ListHeaderAdmin):
     """Custom domain invitation admin class."""

src/registrar/migrations/0053_create_groups_v05.py

@@ -0,0 +1,37 @@
+# This migration creates the create_full_access_group and create_cisa_analyst_group groups
+# It is dependent on 0035 (which populates ContentType and Permissions)
+# If permissions on the groups need changing, edit CISA_ANALYST_GROUP_PERMISSIONS
+# in the user_group model then:
+# [NOT RECOMMENDED]
+# step 1: docker-compose exec app ./manage.py migrate --fake registrar 0035_contenttypes_permissions
+# step 2: docker-compose exec app ./manage.py migrate registrar 0036_create_groups
+# step 3: fake run the latest migration in the migrations list
+# [RECOMMENDED]
+# Alternatively:
+# step 1: duplicate the migration that loads data
+# step 2: docker-compose exec app ./manage.py migrate
+
+from django.db import migrations
+from registrar.models import UserGroup
+from typing import Any
+
+
+# For linting: RunPython expects a function reference,
+# so let's give it one
+def create_groups(apps, schema_editor) -> Any:
+    UserGroup.create_cisa_analyst_group(apps, schema_editor)
+    UserGroup.create_full_access_group(apps, schema_editor)
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("registrar", "0052_alter_domainapplication_anything_else_and_more"),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            create_groups,
+            reverse_code=migrations.RunPython.noop,
+            atomic=True,
+        ),
+    ]

src/registrar/models/user_group.py

@@ -61,6 +61,11 @@ class UserGroup(Group):
                 "model": "website",
                 "permissions": ["change_website"],
             },
+            {
+                "app_label": "registrar",
+                "model": "userdomainrole",
+                "permissions": ["view_userdomainrole", "delete_userdomainrole"],
+            },
         ]
 
         # Avoid error: You can't execute queries until the end

src/registrar/tests/test_migrations.py

@@ -41,6 +41,8 @@ class TestGroups(TestCase):
             "change_draftdomain",
             "analyst_access_permission",
             "change_user",
+            "delete_userdomainrole",
+            "view_userdomainrole",
             "change_website",
         ]