zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-07-29 22:16:33 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'main' of https://github.com/cisagov/manage.get.gov into rh/3597-same-name-domain

Browse source
This commit is contained in:
Rebecca Hsieh 2025-03-25 11:59:43 -07:00
commit 75adddec8a
No known key found for this signature in database
87 changed files with 5177 additions and 1504 deletions
Download patch file Download diff file Expand all files Collapse all files

76
.github/ISSUE_TEMPLATE/design-issue.yml vendored Normal file
View file

@ -0,0 +1,76 @@
name: Design Issue / story
description: Specifically for design and content tickets
labels: design, content
body:
- type: markdown
id: title-help
attributes:
value: |
> Titles should be short, descriptive, and compelling. Use sentence case: don't capitalize words unnecessarily.
- type: textarea
id: issue-description
attributes:
label: Issue description
description: |
Describe the issue so that someone who wasn't present for its discovery can understand why it matters. For stories, use the user story format (e.g., As a user, I want, so that). Use full sentences, plain language, and [good formatting](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax).
validations:
required: true
- type: markdown
id: acceptance-criteria-design
attributes:
value: |
### Acceptance criteria for design updates
- [ ] Used components from the Figma design system wherein possible
- [ ] Merged draft design(s) into the official [registrar](https://www.figma.com/design/xFtGLHVrhp0lvwh0gYWnbx/.gov-registar?m=auto) or [get.gov](https://www.figma.com/design/qeWM03sfjXgHBHB23rsD6X/get.gov?m=auto&t=NevyFHpikXLWEwaL-6) Figma pages
- [ ] (If applicable) Updated components from the [Figma design system](https://www.figma.com/design/G2HANRHy8pnlY5ENvmpKY8/.gov-Design-System?m=auto) if there's any inconsistencies with production
<br>
- type: markdown
id: acceptance-criteria-content
attributes:
value: |
### Acceptance criteria for content updates
- [ ] **Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:**
- [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
- [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
- [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
- [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
- [ ] **Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc)):**
- [ ] Update content in the [get.gov design file](https://www.figma.com/design/qeWM03sfjXgHBHB23rsD6X/get.gov?m=auto&t=NevyFHpikXLWEwaL-6) in Figma
- [ ] Update the [relevant pages](https://drive.google.com/drive/u/1/folders/1kPsaM6wTli5yjTx1k1QZNlSzYZ-usW4x) in Google Drive's Content folder
- [ ] Links [open in a new window](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.g0jcbi63s6zm) if the user will need to reference text on the public site while viewing the link
- [ ] **Instructions specific to the manage.get.gov ([instructions for how to update the registrar](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1hmsyys)):**
- [ ] Update content in the [registrar design file](https://www.figma.com/design/xFtGLHVrhp0lvwh0gYWnbx/.gov-registar?m=auto) in Figma
- [ ] Update the [relevant pages](https://drive.google.com/drive/folders/1dlv_w9zT-W_TStG-7icag6lqcQi86WUs?usp=drive_link) in Google Drive's Content folder
- [ ] Links [open in a new window](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.g0jcbi63s6zm)
- [ ] **Instructions specific to emails:**
- [ ] TBD
<br>
- type: textarea
id: additional-acceptance-criteria
attributes:
label: Additional acceptance criteria
description: "If known, add more statements that would need to be true for this issue to be considered resolved. Use a [task list](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists#creating-task-lists) if appropriate."
placeholder: "- [ ]"
- type: textarea
id: additional-context
attributes:
label: Additional context
description: "Share any other thoughts, like how this might be implemented or fixed. Screenshots and links to documents/discussions are welcome."
- type: textarea
id: links-to-other-issues
attributes:
label: Links to other issues
description: |
"Use a dash (`-`) to start the line. Add an issue by typing "`#`" then the issue number. Add information to describe any dependancies, blockers, etc. (e.g., 🚧 [construction] Blocks, ⛔️ [no_entry] Is blocked by, 🔄 [arrows_counterclockwise] Relates to). If this is a parent issue, use sub-issues instead of linking other issues here."
placeholder: "- 🔄 Relates to..."
- type: markdown
id: note
attributes:
value: |
> We may edit the text in this issue to document our understanding and clarify the product work.

2
.github/ISSUE_TEMPLATE/issue-default.yml vendored
View file

@ -19,7 +19,7 @@ body:
id: acceptance-criteria id: acceptance-criteria
attributes: attributes:
label: Acceptance criteria label: Acceptance criteria
description: "If known, share 1-3 statements that would need to be true for this issue to be considered resolved. Use a [task list](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists#creating-task-lists) if appropriate." description: "If known, share 1-3 statements that would need to be true for this issue to be considered resolved. Use a [task list](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists#creating-task-lists) if appropriate. Designers: [Additional considerations](https://github.com/cisagov/manage.get.gov/wiki/Design-work-considerations) are listed in the wiki and can be adapted to ACs here."
placeholder: "- [ ]" placeholder: "- [ ]"
- type: textarea - type: textarea
id: additional-context id: additional-context

25
docs/developer/README.md
View file

@ -207,6 +207,17 @@ Linters:
docker-compose exec app ./manage.py lint docker-compose exec app ./manage.py lint
``` ```
### Get availability for domain requests to work locally
If you're on local (localhost:8080) and want to submit a domain request, and keep getting the "Were experiencing a system error. Please wait a few minutes and try again. If you continue to get this error, contact help@get.gov." error, you can get past the availability check by updating the available() function in registrar/models/domain.py to return True and comment everything else out - see below for reference!
```
@classmethod
def available(cls, domain: str) -> bool:
# Comment everything else out in the function
return True
```
### Testing behind logged in pages ### Testing behind logged in pages
To test behind logged in pages with external tools, like `pa11y-ci` or `OWASP Zap`, add To test behind logged in pages with external tools, like `pa11y-ci` or `OWASP Zap`, add
@ -305,15 +316,15 @@ You can also compile the **Sass** at any time using `npx gulp compile`. Similarl
We use the [CSS Block Element Modifier (BEM)](https://getbem.com/naming/) naming convention for our custom classes. This is in line with how USWDS [approaches](https://designsystem.digital.gov/whats-new/updates/2019/04/08/introducing-uswds-2-0/) their CSS class architecture and helps keep our code cohesive and readable. We use the [CSS Block Element Modifier (BEM)](https://getbem.com/naming/) naming convention for our custom classes. This is in line with how USWDS [approaches](https://designsystem.digital.gov/whats-new/updates/2019/04/08/introducing-uswds-2-0/) their CSS class architecture and helps keep our code cohesive and readable.
### Upgrading USWDS and other JavaScript packages ### Updating USWDS
1. Version numbers can be manually controlled in `package.json`. Edit that, if desired. 1. Version numbers can be manually controlled in `package.json`. Edit that, if desired.
2. Now run `docker-compose run node npm update`. 2. Now run `npx gulp updateUswds`. Refer to [official docs](https://designsystem.digital.gov/documentation/getting-started/developers/phase-two-compile/) to see what this is doing.
3. Then run `docker-compose up` to recompile and recopy the assets, or run `docker-compose updateUswds` if your docker is already up. 3. Make note of the dotgov changes in uswds-edited.js (Ctrl-F DOTGOV for modifications to USWDS compiled code).
4. Make note of the dotgov changes in uswds-edited.js. 4. Copy over the newly compiled code from uswds.js into uswds-edited.js.
5. Copy over the newly compiled code from uswds.js into uswds-edited.js. 5. Put back the dotgov changes you made note of into uswds-edited.js.
6. Put back the dotgov changes you made note of into uswds-edited.js. 6. Examine the results in the running application (remember to empty your cache!) and commit `package.json` and `package-lock.json` if all is well.
7. Examine the results in the running application (remember to empty your cache!) and commit `package.json` and `package-lock.json` if all is well. 7. Read the [release notes](https://github.com/uswds/uswds/releases) for the new versions installed, note 'Breaking' and 'Markup change' and make adjustments to the code base as needed.
## Finite State Machines ## Finite State Machines

3
src/Pipfile
View file

@ -4,7 +4,7 @@ verify_ssl = true
name = "pypi" name = "pypi"
[packages] [packages]
django = "4.2.17" django = "4.2.20"
cfenv = "*" cfenv = "*"
django-cors-headers = "*" django-cors-headers = "*"
pycryptodomex = "*" pycryptodomex = "*"
@ -34,6 +34,7 @@ tblib = "*"
django-admin-multiple-choice-list-filter = "*" django-admin-multiple-choice-list-filter = "*"
django-import-export = "*" django-import-export = "*"
django-waffle = "*" django-waffle = "*"
cryptography = "*"
[dev-packages] [dev-packages]
django-debug-toolbar = "*" django-debug-toolbar = "*"

797
src/Pipfile.lock generated
View file

File diff suppressed because it is too large Load diff

292
src/package-lock.json generated
View file

@ -63,23 +63,22 @@
} }
}, },
"node_modules/@babel/core": { "node_modules/@babel/core": {
"version": "7.26.8", "version": "7.26.9",
"resolved": "https://registry.npmjs.org/@babel/core/-/core-7.26.8.tgz", "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.26.9.tgz",
"integrity": "sha512-l+lkXCHS6tQEc5oUpK28xBOZ6+HwaH7YwoYQbLFiYb4nS2/l1tKnZEtEWkD0GuiYdvArf9qBS0XlQGXzPMsNqQ==", "integrity": "sha512-lWBYIrF7qK5+GjY5Uy+/hEgp8OJWOD/rpy74GplYRhEauvbHDeFB8t5hPOZxCZ0Oxf4Cc36tK51/l3ymJysrKw==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@ampproject/remapping": "^2.2.0", "@ampproject/remapping": "^2.2.0",
"@babel/code-frame": "^7.26.2", "@babel/code-frame": "^7.26.2",
"@babel/generator": "^7.26.8", "@babel/generator": "^7.26.9",
"@babel/helper-compilation-targets": "^7.26.5", "@babel/helper-compilation-targets": "^7.26.5",
"@babel/helper-module-transforms": "^7.26.0", "@babel/helper-module-transforms": "^7.26.0",
"@babel/helpers": "^7.26.7", "@babel/helpers": "^7.26.9",
"@babel/parser": "^7.26.8", "@babel/parser": "^7.26.9",
"@babel/template": "^7.26.8", "@babel/template": "^7.26.9",
"@babel/traverse": "^7.26.8", "@babel/traverse": "^7.26.9",
"@babel/types": "^7.26.8", "@babel/types": "^7.26.9",
"@types/gensync": "^1.0.0",
"convert-source-map": "^2.0.0", "convert-source-map": "^2.0.0",
"debug": "^4.1.0", "debug": "^4.1.0",
"gensync": "^1.0.0-beta.2", "gensync": "^1.0.0-beta.2",
@ -95,14 +94,14 @@
} }
}, },
"node_modules/@babel/generator": { "node_modules/@babel/generator": {
"version": "7.26.8", "version": "7.26.9",
"resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.26.8.tgz", "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.26.9.tgz",
"integrity": "sha512-ef383X5++iZHWAXX0SXQR6ZyQhw/0KtTkrTz61WXRhFM6dhpHulO/RJz79L8S6ugZHJkOOkUrUdxgdF2YiPFnA==", "integrity": "sha512-kEWdzjOAUMW4hAyrzJ0ZaTOu9OmpyDIQicIh0zg0EEcEkYXZb2TjtBhnHi2ViX7PKwZqF4xwqfAm299/QMP3lg==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@babel/parser": "^7.26.8", "@babel/parser": "^7.26.9",
"@babel/types": "^7.26.8", "@babel/types": "^7.26.9",
"@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/gen-mapping": "^0.3.5",
"@jridgewell/trace-mapping": "^0.3.25", "@jridgewell/trace-mapping": "^0.3.25",
"jsesc": "^3.0.2" "jsesc": "^3.0.2"
@ -142,18 +141,18 @@
} }
}, },
"node_modules/@babel/helper-create-class-features-plugin": { "node_modules/@babel/helper-create-class-features-plugin": {
"version": "7.25.9", "version": "7.26.9",
"resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.25.9.tgz", "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.26.9.tgz",
"integrity": "sha512-UTZQMvt0d/rSz6KI+qdu7GQze5TIajwTS++GUozlw8VBJDEOAqSXwm1WvmYEZwqdqSGQshRocPDqrt4HBZB3fQ==", "integrity": "sha512-ubbUqCofvxPRurw5L8WTsCLSkQiVpov4Qx0WMA+jUN+nXBK8ADPlJO1grkFw5CWKC5+sZSOfuGMdX1aI1iT9Sg==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@babel/helper-annotate-as-pure": "^7.25.9", "@babel/helper-annotate-as-pure": "^7.25.9",
"@babel/helper-member-expression-to-functions": "^7.25.9", "@babel/helper-member-expression-to-functions": "^7.25.9",
"@babel/helper-optimise-call-expression": "^7.25.9", "@babel/helper-optimise-call-expression": "^7.25.9",
"@babel/helper-replace-supers": "^7.25.9", "@babel/helper-replace-supers": "^7.26.5",
"@babel/helper-skip-transparent-expression-wrappers": "^7.25.9", "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9",
"@babel/traverse": "^7.25.9", "@babel/traverse": "^7.26.9",
"semver": "^6.3.1" "semver": "^6.3.1"
}, },
"engines": { "engines": {
@ -363,27 +362,27 @@
} }
}, },
"node_modules/@babel/helpers": { "node_modules/@babel/helpers": {
"version": "7.26.7", "version": "7.26.9",
"resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.7.tgz", "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.9.tgz",
"integrity": "sha512-8NHiL98vsi0mbPQmYAGWwfcFaOy4j2HY49fXJCfuDcdE7fMIsH9a7GdaeXpIBsbT7307WU8KCMp5pUVDNL4f9A==", "integrity": "sha512-Mz/4+y8udxBKdmzt/UjPACs4G3j5SshJJEFFKxlCGPydG4JAHXxjWjAwjd09tf6oINvl1VfMJo+nB7H2YKQ0dA==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@babel/template": "^7.25.9", "@babel/template": "^7.26.9",
"@babel/types": "^7.26.7" "@babel/types": "^7.26.9"
}, },
"engines": { "engines": {
"node": ">=6.9.0" "node": ">=6.9.0"
} }
}, },
"node_modules/@babel/parser": { "node_modules/@babel/parser": {
"version": "7.26.8", "version": "7.26.9",
"resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.8.tgz", "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.9.tgz",
"integrity": "sha512-TZIQ25pkSoaKEYYaHbbxkfL36GNsQ6iFiBbeuzAkLnXayKR1yP1zFe+NxuZWWsUyvt8icPU9CCq0sgWGXR1GEw==", "integrity": "sha512-81NWa1njQblgZbQHxWHpxxCzNsa3ZwvFqpUg7P+NNUU6f3UU2jBEg4OlF/J6rl8+PQGh1q6/zWScd001YwcA5A==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@babel/types": "^7.26.8" "@babel/types": "^7.26.9"
}, },
"bin": { "bin": {
"parser": "bin/babel-parser.js" "parser": "bin/babel-parser.js"
@ -809,13 +808,13 @@
} }
}, },
"node_modules/@babel/plugin-transform-for-of": { "node_modules/@babel/plugin-transform-for-of": {
"version": "7.25.9", "version": "7.26.9",
"resolved": "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.25.9.tgz", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.26.9.tgz",
"integrity": "sha512-LqHxduHoaGELJl2uhImHwRQudhCM50pT46rIBNvtT/Oql3nqiS3wOwP+5ten7NpYSXrrVLgtZU3DZmPtWZo16A==", "integrity": "sha512-Hry8AusVm8LW5BVFgiyUReuoGzPUpdHQQqJY5bZnbbf+ngOHWuCuYFKw/BqaaWlvEUrF91HMhDtEaI1hZzNbLg==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@babel/helper-plugin-utils": "^7.25.9", "@babel/helper-plugin-utils": "^7.26.5",
"@babel/helper-skip-transparent-expression-wrappers": "^7.25.9" "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9"
}, },
"engines": { "engines": {
@ -1376,9 +1375,9 @@
} }
}, },
"node_modules/@babel/preset-env": { "node_modules/@babel/preset-env": {
"version": "7.26.8", "version": "7.26.9",
"resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.26.8.tgz", "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.26.9.tgz",
"integrity": "sha512-um7Sy+2THd697S4zJEfv/U5MHGJzkN2xhtsR3T/SWRbVSic62nbISh51VVfU9JiO/L/Z97QczHTaFVkOU8IzNg==", "integrity": "sha512-vX3qPGE8sEKEAZCWk05k3cpTAE3/nOYca++JA+Rd0z2NCNzabmYvEiSShKzm10zdquOIAVXsy2Ei/DTW34KlKQ==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
@ -1411,7 +1410,7 @@
"@babel/plugin-transform-dynamic-import": "^7.25.9", "@babel/plugin-transform-dynamic-import": "^7.25.9",
"@babel/plugin-transform-exponentiation-operator": "^7.26.3", "@babel/plugin-transform-exponentiation-operator": "^7.26.3",
"@babel/plugin-transform-export-namespace-from": "^7.25.9", "@babel/plugin-transform-export-namespace-from": "^7.25.9",
"@babel/plugin-transform-for-of": "^7.25.9", "@babel/plugin-transform-for-of": "^7.26.9",
"@babel/plugin-transform-function-name": "^7.25.9", "@babel/plugin-transform-function-name": "^7.25.9",
"@babel/plugin-transform-json-strings": "^7.25.9", "@babel/plugin-transform-json-strings": "^7.25.9",
"@babel/plugin-transform-literals": "^7.25.9", "@babel/plugin-transform-literals": "^7.25.9",
@ -1475,9 +1474,9 @@
} }
}, },
"node_modules/@babel/runtime": { "node_modules/@babel/runtime": {
"version": "7.26.7", "version": "7.26.9",
"resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.26.7.tgz", "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.26.9.tgz",
"integrity": "sha512-AOPI3D+a8dXnja+iwsUqGRjr1BbZIe771sXdapOtYI531gSqpi92vXivKcq2asu/DFpdl1ceFAKZyRzK2PCVcQ==", "integrity": "sha512-aA63XwOkcl4xxQa3HjPMqOP6LiK0ZDv3mUPYEFXkpHbaFjtGggE1A61FjFzJnB+p7/oy2gA8E+rcBNl/zC1tMg==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
@ -1488,32 +1487,32 @@
} }
}, },
"node_modules/@babel/template": { "node_modules/@babel/template": {
"version": "7.26.8", "version": "7.26.9",
"resolved": "https://registry.npmjs.org/@babel/template/-/template-7.26.8.tgz", "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.26.9.tgz",
"integrity": "sha512-iNKaX3ZebKIsCvJ+0jd6embf+Aulaa3vNBqZ41kM7iTWjx5qzWKXGHiJUW3+nTpQ18SG11hdF8OAzKrpXkb96Q==", "integrity": "sha512-qyRplbeIpNZhmzOysF/wFMuP9sctmh2cFzRAZOn1YapxBsE1i9bJIY586R/WBLfLcmcBlM8ROBiQURnnNy+zfA==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@babel/code-frame": "^7.26.2", "@babel/code-frame": "^7.26.2",
"@babel/parser": "^7.26.8", "@babel/parser": "^7.26.9",
"@babel/types": "^7.26.8" "@babel/types": "^7.26.9"
}, },
"engines": { "engines": {
"node": ">=6.9.0" "node": ">=6.9.0"
} }
}, },
"node_modules/@babel/traverse": { "node_modules/@babel/traverse": {
"version": "7.26.8", "version": "7.26.9",
"resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.26.8.tgz", "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.26.9.tgz",
"integrity": "sha512-nic9tRkjYH0oB2dzr/JoGIm+4Q6SuYeLEiIiZDwBscRMYFJ+tMAz98fuel9ZnbXViA2I0HVSSRRK8DW5fjXStA==", "integrity": "sha512-ZYW7L+pL8ahU5fXmNbPF+iZFHCv5scFak7MZ9bwaRPLUhHh7QQEMjZUg0HevihoqCM5iSYHN61EyCoZvqC+bxg==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@babel/code-frame": "^7.26.2", "@babel/code-frame": "^7.26.2",
"@babel/generator": "^7.26.8", "@babel/generator": "^7.26.9",
"@babel/parser": "^7.26.8", "@babel/parser": "^7.26.9",
"@babel/template": "^7.26.8", "@babel/template": "^7.26.9",
"@babel/types": "^7.26.8", "@babel/types": "^7.26.9",
"debug": "^4.3.1", "debug": "^4.3.1",
"globals": "^11.1.0" "globals": "^11.1.0"
}, },
@ -1522,9 +1521,9 @@
} }
}, },
"node_modules/@babel/types": { "node_modules/@babel/types": {
"version": "7.26.8", "version": "7.26.9",
"resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.8.tgz", "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.9.tgz",
"integrity": "sha512-eUuWapzEGWFEpHFxgEaBG8e3n6S8L3MSu0oda755rOfabWPnh0Our1AozNFVUxGFIhbKgd1ksprsoDGMinTOTA==", "integrity": "sha512-Y3IR1cRnOxOCDvMmNiym7XpXQ93iGDDPHx+Zj+NM+rg0fBaShfQLkg+hKPaZCEvg5N/LeCo4+Rj/i3FuJsIQaw==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
@ -1999,13 +1998,6 @@
"dev": true, "dev": true,
"license": "MIT" "license": "MIT"
}, },
"node_modules/@types/gensync": {
"version": "1.0.4",
"resolved": "https://registry.npmjs.org/@types/gensync/-/gensync-1.0.4.tgz",
"integrity": "sha512-C3YYeRQWp2fmq9OryX+FoDy8nXS6scQ7dPptD8LnFDAUNcKWJjXQKDNJD3HVm+kOUsXhTOkpi69vI4EuAr95bA==",
"dev": true,
"license": "MIT"
},
"node_modules/@types/json-schema": { "node_modules/@types/json-schema": {
"version": "7.0.15", "version": "7.0.15",
"resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz",
@ -2014,9 +2006,9 @@
"license": "MIT" "license": "MIT"
}, },
"node_modules/@types/node": { "node_modules/@types/node": {
"version": "22.13.1", "version": "22.13.9",
"resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.1.tgz", "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.9.tgz",
"integrity": "sha512-jK8uzQlrvXqEU91UxiK5J7pKHyzgnI1Qnl0QDHIgVGuolJhRb9EEl28Cj9b3rGR8B2lhFCtvIm5os8lFnO/1Ew==", "integrity": "sha512-acBjXdRJ3A6Pb3tqnw9HZmyR3Fiol3aGxRCK1x3d+6CDAMjl7I649wpSd+yNURCjbOUGu9tqtLKnTGxmK6CyGw==",
"devOptional": true, "devOptional": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
@ -2255,9 +2247,9 @@
"license": "Apache-2.0" "license": "Apache-2.0"
}, },
"node_modules/acorn": { "node_modules/acorn": {
"version": "8.14.0", "version": "8.14.1",
"resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.0.tgz", "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.1.tgz",
"integrity": "sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA==", "integrity": "sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"bin": { "bin": {
@ -2868,9 +2860,9 @@
"license": "MIT" "license": "MIT"
}, },
"node_modules/caniuse-lite": { "node_modules/caniuse-lite": {
"version": "1.0.30001699", "version": "1.0.30001702",
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001699.tgz", "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001702.tgz",
"integrity": "sha512-b+uH5BakXZ9Do9iK+CkDmctUSEqZl+SP056vc5usa0PL+ev5OHw003rZXcnjNDv3L8P5j6rwT6C0BPKSikW08w==", "integrity": "sha512-LoPe/D7zioC0REI5W73PeR1e1MLCipRGq/VkovJnd6Df+QVqT+vT33OXCp8QUd7kA7RZrHWxb1B36OQKI/0gOA==",
"dev": true, "dev": true,
"funding": [ "funding": [
{ {
@ -3142,13 +3134,13 @@
} }
}, },
"node_modules/core-js-compat": { "node_modules/core-js-compat": {
"version": "3.40.0", "version": "3.41.0",
"resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.40.0.tgz", "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.41.0.tgz",
"integrity": "sha512-0XEDpr5y5mijvw8Lbc6E5AkjrHfp7eEoPlu36SWeAbcL8fn1G1ANe8DBlo2XoNN89oVpxWwOjYIPVzR4ZvsKCQ==", "integrity": "sha512-RFsU9LySVue9RTwdDVX/T0e2Y6jRYWXERKElIjpuEOEnxaXffI0X7RUwVzfYLfzuLXSNJDYoRYUAmRUcyln20A==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"browserslist": "^4.24.3" "browserslist": "^4.24.4"
}, },
"funding": { "funding": {
"type": "opencollective", "type": "opencollective",
@ -3371,9 +3363,9 @@
} }
}, },
"node_modules/electron-to-chromium": { "node_modules/electron-to-chromium": {
"version": "1.5.97", "version": "1.5.113",
"resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.97.tgz", "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.113.tgz",
"integrity": "sha512-HKLtaH02augM7ZOdYRuO19rWDeY+QSJ1VxnXFa/XDFLf07HvM90pALIJFgrO+UVaajI3+aJMMpojoUTLZyQ7JQ==", "integrity": "sha512-wjT2O4hX+wdWPJ76gWSkMhcHAV2PTMX+QetUCPYEdCIe+cxmgzzSSiGRCKW8nuh4mwKZlpv0xvoW7OF2X+wmHg==",
"dev": true, "dev": true,
"license": "ISC" "license": "ISC"
}, },
@ -3661,13 +3653,6 @@
"node": ">=8.6.0" "node": ">=8.6.0"
} }
}, },
"node_modules/fast-json-stable-stringify": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
"integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==",
"dev": true,
"license": "MIT"
},
"node_modules/fast-levenshtein": { "node_modules/fast-levenshtein": {
"version": "3.0.0", "version": "3.0.0",
"resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz", "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz",
@ -3706,9 +3691,9 @@
} }
}, },
"node_modules/fastq": { "node_modules/fastq": {
"version": "1.19.0", "version": "1.19.1",
"resolved": "https://registry.npmjs.org/fastq/-/fastq-1.19.0.tgz", "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.19.1.tgz",
"integrity": "sha512-7SFSRCNjBQIZH/xZR3iy5iQYR8aGBE0h3VG6/cwlbrpdciNYBMotQav8c1XI3HjHH+NikUpP53nPdlZSdWmFzA==", "integrity": "sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ==",
"dev": true, "dev": true,
"license": "ISC", "license": "ISC",
"dependencies": { "dependencies": {
@ -5718,16 +5703,6 @@
"once": "^1.3.1" "once": "^1.3.1"
} }
}, },
"node_modules/punycode": {
"version": "2.3.1",
"resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
"integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==",
"dev": true,
"license": "MIT",
"engines": {
"node": ">=6"
}
},
"node_modules/puppeteer": { "node_modules/puppeteer": {
"version": "9.1.1", "version": "9.1.1",
"resolved": "https://registry.npmjs.org/puppeteer/-/puppeteer-9.1.1.tgz", "resolved": "https://registry.npmjs.org/puppeteer/-/puppeteer-9.1.1.tgz",
@ -6113,9 +6088,9 @@
} }
}, },
"node_modules/reusify": { "node_modules/reusify": {
"version": "1.0.4", "version": "1.1.0",
"resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz",
"integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", "integrity": "sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"engines": { "engines": {
@ -6164,9 +6139,9 @@
} }
}, },
"node_modules/rxjs": { "node_modules/rxjs": {
"version": "7.8.1", "version": "7.8.2",
"resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.2.tgz",
"integrity": "sha512-AA3TVj+0A2iuIoQkWEK/tqFjBq2j+6PO6Y0zJcvzLAFhEFIO3HL0vls9hWLncZbAAbK0mar7oZ4V079I/qPMxg==", "integrity": "sha512-dhKf903U/PQZY6boNNtAGdWbG85WAbjT/1xYoZIC7FAY0yWapOBQVsVrDl58W86//e1VpMNBtRV4MaXfdMySFA==",
"dev": true, "dev": true,
"license": "Apache-2.0", "license": "Apache-2.0",
"dependencies": { "dependencies": {
@ -6186,9 +6161,9 @@
"license": "MIT" "license": "MIT"
}, },
"node_modules/sass": { "node_modules/sass": {
"version": "1.84.0", "version": "1.85.1",
"resolved": "https://registry.npmjs.org/sass/-/sass-1.84.0.tgz", "resolved": "https://registry.npmjs.org/sass/-/sass-1.85.1.tgz",
"integrity": "sha512-XDAbhEPJRxi7H0SxrnOpiXFQoUJHwkR2u3Zc4el+fK/Tt5Hpzw5kkQ59qVDfvdaUq6gCrEZIbySFBM2T9DNKHg==", "integrity": "sha512-Uk8WpxM5v+0cMR0XjX9KfRIacmSG86RH4DCCZjLU2rFh5tyutt9siAXJ7G+YfxQ99Q6wrRMbMlVl6KqUms71ag==",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"chokidar": "^4.0.0", "chokidar": "^4.0.0",
@ -6661,9 +6636,9 @@
} }
}, },
"node_modules/sass/node_modules/readdirp": { "node_modules/sass/node_modules/readdirp": {
"version": "4.1.1", "version": "4.1.2",
"resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.1.tgz", "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.2.tgz",
"integrity": "sha512-h80JrZu/MHUZCyHu5ciuoI0+WxsCxzxJTILn6Fs8rxSnFPh+UVHYfeIxK1nVGugMqkfC4vJcBOYbkfkwYK0+gw==", "integrity": "sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==",
"license": "MIT", "license": "MIT",
"engines": { "engines": {
"node": ">= 14.18.0" "node": ">= 14.18.0"
@ -6978,9 +6953,9 @@
} }
}, },
"node_modules/terser": { "node_modules/terser": {
"version": "5.38.2", "version": "5.39.0",
"resolved": "https://registry.npmjs.org/terser/-/terser-5.38.2.tgz", "resolved": "https://registry.npmjs.org/terser/-/terser-5.39.0.tgz",
"integrity": "sha512-w8CXxxbFA5zfNsR/i8HZq5bvn18AK0O9jj7hyo1YqkovLxEFa0uP0LCVGZRqiRaKRFxXhELBp8SteeAjEnfeJg==", "integrity": "sha512-LBAhFyLho16harJoWMg/nZsQYgTrg5jXOn2nCYjRUcZZEdE3qa2zb8QEDRUGVZBW4rlazf2fxkg8tztybTaqWw==",
"dev": true, "dev": true,
"license": "BSD-2-Clause", "license": "BSD-2-Clause",
"dependencies": { "dependencies": {
@ -6997,9 +6972,9 @@
} }
}, },
"node_modules/terser-webpack-plugin": { "node_modules/terser-webpack-plugin": {
"version": "5.3.11", "version": "5.3.14",
"resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.11.tgz", "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.14.tgz",
"integrity": "sha512-RVCsMfuD0+cTt3EwX8hSl2Ks56EbFHWmhluwcqoPKtBnfjiT6olaq7PRIRfhyU8nnC2MrnDrBLfrD/RGE+cVXQ==", "integrity": "sha512-vkZjpUjb6OMS7dhV+tILUW6BhpDR7P2L/aQSAv+Uwk+m8KATX9EccViHTJR2qDtACKPIYndLGCyl3FMo+r2LMw==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
@ -7229,9 +7204,9 @@
} }
}, },
"node_modules/update-browserslist-db": { "node_modules/update-browserslist-db": {
"version": "1.1.2", "version": "1.1.3",
"resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.2.tgz", "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.3.tgz",
"integrity": "sha512-PPypAm5qvlD7XMZC3BujecnaOxwhrtoFR+Dqkk5Aa/6DssiH0ibKoketaj9w8LP7Bont1rYeoV5plxD7RTEPRg==", "integrity": "sha512-UxhIZQ+QInVdunkDAaiazvvT/+fXL5Osr0JZlJulepYu6Jd7qJtDZjlur0emRlT71EN3ScPoE7gvsuIKKNavKw==",
"dev": true, "dev": true,
"funding": [ "funding": [
{ {
@ -7259,16 +7234,6 @@
"browserslist": ">= 4.21.0" "browserslist": ">= 4.21.0"
} }
}, },
"node_modules/uri-js": {
"version": "4.4.1",
"resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz",
"integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==",
"dev": true,
"license": "BSD-2-Clause",
"dependencies": {
"punycode": "^2.1.0"
}
},
"node_modules/util-deprecate": { "node_modules/util-deprecate": {
"version": "1.0.2", "version": "1.0.2",
"resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
@ -7522,9 +7487,9 @@
"license": "BSD-2-Clause" "license": "BSD-2-Clause"
}, },
"node_modules/webpack": { "node_modules/webpack": {
"version": "5.97.1", "version": "5.98.0",
"resolved": "https://registry.npmjs.org/webpack/-/webpack-5.97.1.tgz", "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.98.0.tgz",
"integrity": "sha512-EksG6gFY3L1eFMROS/7Wzgrii5mBAFe4rIr3r2BTfo7bcc+DWwFZ4OJ/miOuHJO/A85HwyI4eQ0F6IKXesO7Fg==", "integrity": "sha512-UFynvx+gM44Gv9qFgj0acCQK2VE1CtdfwFdimkapco3hlPCJ/zeq73n2yVKimVbtm+TnApIugGhLJnkU6gjYXA==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
@ -7546,9 +7511,9 @@
"loader-runner": "^4.2.0", "loader-runner": "^4.2.0",
"mime-types": "^2.1.27", "mime-types": "^2.1.27",
"neo-async": "^2.6.2", "neo-async": "^2.6.2",
"schema-utils": "^3.2.0", "schema-utils": "^4.3.0",
"tapable": "^2.1.1", "tapable": "^2.1.1",
"terser-webpack-plugin": "^5.3.10", "terser-webpack-plugin": "^5.3.11",
"watchpack": "^2.4.1", "watchpack": "^2.4.1",
"webpack-sources": "^3.2.3" "webpack-sources": "^3.2.3"
}, },
@ -7617,59 +7582,6 @@
"url": "https://github.com/chalk/supports-color?sponsor=1" "url": "https://github.com/chalk/supports-color?sponsor=1"
} }
}, },
"node_modules/webpack/node_modules/ajv": {
"version": "6.12.6",
"resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
"integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
"dev": true,
"license": "MIT",
"dependencies": {
"fast-deep-equal": "^3.1.1",
"fast-json-stable-stringify": "^2.0.0",
"json-schema-traverse": "^0.4.1",
"uri-js": "^4.2.2"
},
"funding": {
"type": "github",
"url": "https://github.com/sponsors/epoberezkin"
}
},
"node_modules/webpack/node_modules/ajv-keywords": {
"version": "3.5.2",
"resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz",
"integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==",
"dev": true,
"license": "MIT",
"peerDependencies": {
"ajv": "^6.9.1"
}
},
"node_modules/webpack/node_modules/json-schema-traverse": {
"version": "0.4.1",
"resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
"integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==",
"dev": true,
"license": "MIT"
},
"node_modules/webpack/node_modules/schema-utils": {
"version": "3.3.0",
"resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz",
"integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==",
"dev": true,
"license": "MIT",
"dependencies": {
"@types/json-schema": "^7.0.8",
"ajv": "^6.12.5",
"ajv-keywords": "^3.5.2"
},
"engines": {
"node": ">= 10.13.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/webpack"
}
},
"node_modules/whatwg-encoding": { "node_modules/whatwg-encoding": {
"version": "3.1.1", "version": "3.1.1",
"resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-3.1.1.tgz", "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-3.1.1.tgz",
@ -7842,9 +7754,9 @@
} }
}, },
"node_modules/yocto-queue": { "node_modules/yocto-queue": {
"version": "1.1.1", "version": "1.2.0",
"resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-1.1.1.tgz", "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-1.2.0.tgz",
"integrity": "sha512-b4JR1PFR10y1mKjhHY9LaGo6tmrgjit7hxVIeAmyMw3jegXR4dhYqLaQF5zMXZxY7tLpMyJeLjr1C4rLmkVe8g==", "integrity": "sha512-KHBC7z61OJeaMGnF3wqNZj+GGNXOyypZviiKpQeiHirG5Ib1ImwcLBH70rbMSkKfSmUNBsdf2PwaEJtKvgmkNw==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"engines": { "engines": {

604
src/registrar/admin.py
View file

@ -76,6 +76,19 @@ from django.utils.translation import gettext_lazy as _
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
class ImportExportRegistrarModelAdmin(ImportExportModelAdmin):
def has_import_permission(self, request):
return request.user.has_perm("registrar.analyst_access_permission") or request.user.has_perm(
"registrar.full_access_permission"
)
def has_export_permission(self, request):
return request.user.has_perm("registrar.analyst_access_permission") or request.user.has_perm(
"registrar.full_access_permission"
)
class FsmModelResource(resources.ModelResource): class FsmModelResource(resources.ModelResource):
"""ModelResource is extended to support importing of tables which """ModelResource is extended to support importing of tables which
have FSMFields. ModelResource is extended with the following changes have FSMFields. ModelResource is extended with the following changes
@ -466,7 +479,7 @@ class DomainRequestAdminForm(forms.ModelForm):
# only set the available transitions if the user is not restricted # only set the available transitions if the user is not restricted
# from editing the domain request; otherwise, the form will be # from editing the domain request; otherwise, the form will be
# readonly and the status field will not have a widget # readonly and the status field will not have a widget
if not domain_request.creator.is_restricted(): if not domain_request.creator.is_restricted() and "status" in self.fields:
self.fields["status"].widget.choices = available_transitions self.fields["status"].widget.choices = available_transitions
def get_custom_field_transitions(self, instance, field): def get_custom_field_transitions(self, instance, field):
@ -920,7 +933,7 @@ class ListHeaderAdmin(AuditedAdmin, OrderableFieldsMixin):
return filters return filters
class MyUserAdmin(BaseUserAdmin, ImportExportModelAdmin): class MyUserAdmin(BaseUserAdmin, ImportExportRegistrarModelAdmin):
"""Custom user admin class to use our inlines.""" """Custom user admin class to use our inlines."""
resource_classes = [UserResource] resource_classes = [UserResource]
@ -1225,7 +1238,7 @@ class HostResource(resources.ModelResource):
model = models.Host model = models.Host
class MyHostAdmin(AuditedAdmin, ImportExportModelAdmin): class MyHostAdmin(AuditedAdmin, ImportExportRegistrarModelAdmin):
"""Custom host admin class to use our inlines.""" """Custom host admin class to use our inlines."""
resource_classes = [HostResource] resource_classes = [HostResource]
@ -1243,7 +1256,7 @@ class HostIpResource(resources.ModelResource):
model = models.HostIP model = models.HostIP
class HostIpAdmin(AuditedAdmin, ImportExportModelAdmin): class HostIpAdmin(AuditedAdmin, ImportExportRegistrarModelAdmin):
"""Custom host ip admin class""" """Custom host ip admin class"""
resource_classes = [HostIpResource] resource_classes = [HostIpResource]
@ -1258,7 +1271,7 @@ class ContactResource(resources.ModelResource):
model = models.Contact model = models.Contact
class ContactAdmin(ListHeaderAdmin, ImportExportModelAdmin): class ContactAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
"""Custom contact admin class to add search.""" """Custom contact admin class to add search."""
resource_classes = [ContactResource] resource_classes = [ContactResource]
@ -1392,6 +1405,59 @@ class SeniorOfficialAdmin(ListHeaderAdmin):
# in autocomplete_fields for Senior Official # in autocomplete_fields for Senior Official
ordering = ["first_name", "last_name"] ordering = ["first_name", "last_name"]
readonly_fields = []
# Even though this is empty, I will leave it as a stub for easy changes in the future
# rather than strip it out of our logic.
analyst_readonly_fields = [] # type: ignore
omb_analyst_readonly_fields = [
"first_name",
"last_name",
"title",
"phone",
"email",
"federal_agency",
]
def get_readonly_fields(self, request, obj=None):
"""Set the read-only state on form elements.
We have conditions that determine which fields are read-only:
admin user permissions and analyst (cisa or omb) status, so
we'll use the baseline readonly_fields and extend it as needed.
"""
readonly_fields = list(self.readonly_fields)
if request.user.has_perm("registrar.full_access_permission"):
return readonly_fields
# Return restrictive Read-only fields for OMB analysts
if request.user.groups.filter(name="omb_analysts_group").exists():
readonly_fields.extend([field for field in self.omb_analyst_readonly_fields])
return readonly_fields
# Return restrictive Read-only fields for analysts and
# users who might not belong to groups
readonly_fields.extend([field for field in self.analyst_readonly_fields])
return readonly_fields
def get_queryset(self, request):
"""Restrict queryset based on user permissions."""
qs = super().get_queryset(request)
# Check if user is in OMB analysts group
if request.user.groups.filter(name="omb_analysts_group").exists():
return qs.filter(federal_agency__federal_type=BranchChoices.EXECUTIVE)
return qs # Return full queryset if the user doesn't have the restriction
def has_view_permission(self, request, obj=None):
"""Restrict view permissions based on group membership and model attributes."""
if request.user.has_perm("registrar.full_access_permission"):
return True
if obj:
if request.user.groups.filter(name="omb_analysts_group").exists():
return obj.federal_agency and obj.federal_agency.federal_type == BranchChoices.EXECUTIVE
return super().has_view_permission(request, obj)
class WebsiteResource(resources.ModelResource): class WebsiteResource(resources.ModelResource):
"""defines how each field in the referenced model should be mapped to the corresponding fields in the """defines how each field in the referenced model should be mapped to the corresponding fields in the
@ -1401,7 +1467,7 @@ class WebsiteResource(resources.ModelResource):
model = models.Website model = models.Website
class WebsiteAdmin(ListHeaderAdmin, ImportExportModelAdmin): class WebsiteAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
"""Custom website admin class.""" """Custom website admin class."""
resource_classes = [WebsiteResource] resource_classes = [WebsiteResource]
@ -1502,7 +1568,7 @@ class UserPortfolioPermissionAdmin(ListHeaderAdmin):
obj.delete() # Calls the overridden delete method on each instance obj.delete() # Calls the overridden delete method on each instance
class UserDomainRoleAdmin(ListHeaderAdmin, ImportExportModelAdmin): class UserDomainRoleAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
"""Custom user domain role admin class.""" """Custom user domain role admin class."""
resource_classes = [UserDomainRoleResource] resource_classes = [UserDomainRoleResource]
@ -1685,6 +1751,63 @@ class DomainInvitationAdmin(BaseInvitationAdmin):
# Override for the delete confirmation page on the domain table (bulk delete action) # Override for the delete confirmation page on the domain table (bulk delete action)
delete_selected_confirmation_template = "django/admin/domain_invitation_delete_selected_confirmation.html" delete_selected_confirmation_template = "django/admin/domain_invitation_delete_selected_confirmation.html"
def get_annotated_queryset(self, queryset):
return queryset.annotate(
converted_generic_org_type=Case(
# When portfolio is present, use its value instead
When(
domain__domain_info__portfolio__isnull=False,
then=F("domain__domain_info__portfolio__organization_type"),
),
# Otherwise, return the natively assigned value
default=F("domain__domain_info__generic_org_type"),
),
converted_federal_type=Case(
# When portfolio is present, use its value instead
When(
Q(domain__domain_info__portfolio__isnull=False)
& Q(domain__domain_info__portfolio__federal_agency__isnull=False),
then=F("domain__domain_info__portfolio__federal_agency__federal_type"),
),
# Otherwise, return the federal agency's federal_type
default=F("domain__domain_info__federal_agency__federal_type"),
),
)
def get_queryset(self, request):
"""Restrict queryset based on user permissions."""
qs = super().get_queryset(request)
# Check if user is in OMB analysts group
if request.user.groups.filter(name="omb_analysts_group").exists():
annotated_qs = self.get_annotated_queryset(qs)
return annotated_qs.filter(
converted_generic_org_type=DomainRequest.OrganizationChoices.FEDERAL,
converted_federal_type=BranchChoices.EXECUTIVE,
)
return qs # Return full queryset if the user doesn't have the restriction
def has_view_permission(self, request, obj=None):
"""Restrict view permissions based on group membership and model attributes."""
if request.user.has_perm("registrar.full_access_permission"):
return True
if obj:
if request.user.groups.filter(name="omb_analysts_group").exists():
return (
obj.domain.domain_info.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL
and obj.domain.domain_info.converted_federal_type == BranchChoices.EXECUTIVE
)
return super().has_view_permission(request, obj)
# Select domain invitations to change -> Domain invitations
def changelist_view(self, request, extra_context=None):
if extra_context is None:
extra_context = {}
extra_context["tabtitle"] = "Domain invitations"
# Get the filtered values
return super().changelist_view(request, extra_context=extra_context)
def change_view(self, request, object_id, form_url="", extra_context=None): def change_view(self, request, object_id, form_url="", extra_context=None):
"""Override the change_view to add the invitation obj for the change_form_object_tools template""" """Override the change_view to add the invitation obj for the change_form_object_tools template"""
@ -1847,7 +1970,7 @@ class PortfolioInvitationAdmin(BaseInvitationAdmin):
requested_user = get_requested_user(requested_email) requested_user = get_requested_user(requested_email)
permission_exists = UserPortfolioPermission.objects.filter( permission_exists = UserPortfolioPermission.objects.filter(
user__email=requested_email, portfolio=portfolio, user__email__isnull=False user__email__iexact=requested_email, portfolio=portfolio, user__email__isnull=False
).exists() ).exists()
if not permission_exists: if not permission_exists:
# if permission does not exist for a user with requested_email, send email # if permission does not exist for a user with requested_email, send email
@ -1857,9 +1980,7 @@ class PortfolioInvitationAdmin(BaseInvitationAdmin):
portfolio=portfolio, portfolio=portfolio,
is_admin_invitation=is_admin_invitation, is_admin_invitation=is_admin_invitation,
): ):
messages.warning( messages.warning(request, "Could not send email notification to existing organization admins.")
self.request, "Could not send email notification to existing organization admins."
)
# if user exists for email, immediately retrieve portfolio invitation upon creation # if user exists for email, immediately retrieve portfolio invitation upon creation
if requested_user is not None: if requested_user is not None:
obj.retrieve() obj.retrieve()
@ -1908,7 +2029,7 @@ class DomainInformationResource(resources.ModelResource):
model = models.DomainInformation model = models.DomainInformation
class DomainInformationAdmin(ListHeaderAdmin, ImportExportModelAdmin): class DomainInformationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
"""Customize domain information admin class.""" """Customize domain information admin class."""
class GenericOrgFilter(admin.SimpleListFilter): class GenericOrgFilter(admin.SimpleListFilter):
@ -2185,6 +2306,47 @@ class DomainInformationAdmin(ListHeaderAdmin, ImportExportModelAdmin):
"is_policy_acknowledged", "is_policy_acknowledged",
] ]
# Read only that we'll leverage for OMB Analysts
omb_analyst_readonly_fields = [
"federal_agency",
"creator",
"about_your_organization",
"anything_else",
"cisa_representative_first_name",
"cisa_representative_last_name",
"cisa_representative_email",
"domain_request",
"notes",
"senior_official",
"organization_type",
"organization_name",
"state_territory",
"address_line1",
"address_line2",
"city",
"zipcode",
"urbanization",
"portfolio_organization_type",
"portfolio_federal_type",
"portfolio_organization_name",
"portfolio_federal_agency",
"portfolio_state_territory",
"portfolio_address_line1",
"portfolio_address_line2",
"portfolio_city",
"portfolio_zipcode",
"portfolio_urbanization",
"organization_type",
"federal_type",
"federal_agency",
"tribe_name",
"federally_recognized_tribe",
"state_recognized_tribe",
"about_your_organization",
"portfolio",
"sub_organization",
]
# For each filter_horizontal, init in admin js initFilterHorizontalWidget # For each filter_horizontal, init in admin js initFilterHorizontalWidget
# to activate the edit/delete/view buttons # to activate the edit/delete/view buttons
filter_horizontal = ("other_contacts",) filter_horizontal = ("other_contacts",)
@ -2213,6 +2375,10 @@ class DomainInformationAdmin(ListHeaderAdmin, ImportExportModelAdmin):
if request.user.has_perm("registrar.full_access_permission"): if request.user.has_perm("registrar.full_access_permission"):
return readonly_fields return readonly_fields
# Return restrictive Read-only fields for OMB analysts
if request.user.groups.filter(name="omb_analysts_group").exists():
readonly_fields.extend([field for field in self.omb_analyst_readonly_fields])
return readonly_fields
# Return restrictive Read-only fields for analysts and # Return restrictive Read-only fields for analysts and
# users who might not belong to groups # users who might not belong to groups
readonly_fields.extend([field for field in self.analyst_readonly_fields]) readonly_fields.extend([field for field in self.analyst_readonly_fields])
@ -2229,6 +2395,38 @@ class DomainInformationAdmin(ListHeaderAdmin, ImportExportModelAdmin):
use_sort = db_field.name != "senior_official" use_sort = db_field.name != "senior_official"
return super().formfield_for_foreignkey(db_field, request, use_admin_sort_fields=use_sort, **kwargs) return super().formfield_for_foreignkey(db_field, request, use_admin_sort_fields=use_sort, **kwargs)
def get_annotated_queryset(self, queryset):
return queryset.annotate(
conv_generic_org_type=Case(
# When portfolio is present, use its value instead
When(portfolio__isnull=False, then=F("portfolio__organization_type")),
# Otherwise, return the natively assigned value
default=F("generic_org_type"),
),
conv_federal_type=Case(
# When portfolio is present, use its value instead
When(
Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False),
then=F("portfolio__federal_agency__federal_type"),
),
# Otherwise, return the federal_type from federal agency
default=F("federal_agency__federal_type"),
),
)
def get_queryset(self, request):
"""Custom get_queryset to filter by portfolio if portfolio is in the
request params."""
qs = super().get_queryset(request)
# Check if user is in OMB analysts group
if request.user.groups.filter(name="omb_analysts_group").exists():
annotated_qs = self.get_annotated_queryset(qs)
return annotated_qs.filter(
conv_generic_org_type=DomainRequest.OrganizationChoices.FEDERAL,
conv_federal_type=BranchChoices.EXECUTIVE,
)
return qs
class DomainRequestResource(FsmModelResource): class DomainRequestResource(FsmModelResource):
"""defines how each field in the referenced model should be mapped to the corresponding fields in the """defines how each field in the referenced model should be mapped to the corresponding fields in the
@ -2238,7 +2436,7 @@ class DomainRequestResource(FsmModelResource):
model = models.DomainRequest model = models.DomainRequest
class DomainRequestAdmin(ListHeaderAdmin, ImportExportModelAdmin): class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
"""Custom domain requests admin class.""" """Custom domain requests admin class."""
resource_classes = [DomainRequestResource] resource_classes = [DomainRequestResource]
@ -2296,7 +2494,7 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportModelAdmin):
class FederalTypeFilter(admin.SimpleListFilter): class FederalTypeFilter(admin.SimpleListFilter):
"""Custom Federal Type filter that accomodates portfolio feature. """Custom Federal Type filter that accomodates portfolio feature.
If we have a portfolio, use the portfolio's federal type. If not, use the If we have a portfolio, use the portfolio's federal type. If not, use the
organization in the Domain Request object.""" organization in the Domain Request object's federal agency."""
title = "federal type" title = "federal type"
parameter_name = "converted_federal_types" parameter_name = "converted_federal_types"
@ -2337,7 +2535,7 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportModelAdmin):
if self.value(): if self.value():
return queryset.filter( return queryset.filter(
Q(portfolio__federal_agency__federal_type=self.value()) Q(portfolio__federal_agency__federal_type=self.value())
| Q(portfolio__isnull=True, federal_type=self.value()) | Q(portfolio__isnull=True, federal_agency__federal_type=self.value())
) )
return queryset return queryset
@ -2752,6 +2950,62 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportModelAdmin):
"cisa_representative_email", "cisa_representative_email",
] ]
# Read only that we'll leverage for OMB Analysts
omb_analyst_readonly_fields = [
"federal_agency",
"creator",
"about_your_organization",
"requested_domain",
"approved_domain",
"alternative_domains",
"purpose",
"no_other_contacts_rationale",
"anything_else",
"is_policy_acknowledged",
"cisa_representative_first_name",
"cisa_representative_last_name",
"cisa_representative_email",
"status",
"investigator",
"notes",
"senior_official",
"organization_type",
"organization_name",
"state_territory",
"address_line1",
"address_line2",
"city",
"zipcode",
"urbanization",
"portfolio_organization_type",
"portfolio_federal_type",
"portfolio_organization_name",
"portfolio_federal_agency",
"portfolio_state_territory",
"portfolio_address_line1",
"portfolio_address_line2",
"portfolio_city",
"portfolio_zipcode",
"portfolio_urbanization",
"is_election_board",
"organization_type",
"federal_type",
"federal_agency",
"tribe_name",
"federally_recognized_tribe",
"state_recognized_tribe",
"about_your_organization",
"rejection_reason",
"rejection_reason_email",
"action_needed_reason",
"action_needed_reason_email",
"portfolio",
"sub_organization",
"requested_suborganization",
"suborganization_city",
"suborganization_state_territory",
]
autocomplete_fields = [ autocomplete_fields = [
"approved_domain", "approved_domain",
"requested_domain", "requested_domain",
@ -3003,6 +3257,10 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportModelAdmin):
if request.user.has_perm("registrar.full_access_permission"): if request.user.has_perm("registrar.full_access_permission"):
return readonly_fields return readonly_fields
# Return restrictive Read-only fields for OMB analysts
if request.user.groups.filter(name="omb_analysts_group").exists():
readonly_fields.extend([field for field in self.omb_analyst_readonly_fields])
return readonly_fields
# Return restrictive Read-only fields for analysts and # Return restrictive Read-only fields for analysts and
# users who might not belong to groups # users who might not belong to groups
readonly_fields.extend([field for field in self.analyst_readonly_fields]) readonly_fields.extend([field for field in self.analyst_readonly_fields])
@ -3186,6 +3444,25 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportModelAdmin):
use_sort = db_field.name != "senior_official" use_sort = db_field.name != "senior_official"
return super().formfield_for_foreignkey(db_field, request, use_admin_sort_fields=use_sort, **kwargs) return super().formfield_for_foreignkey(db_field, request, use_admin_sort_fields=use_sort, **kwargs)
def get_annotated_queryset(self, queryset):
return queryset.annotate(
conv_generic_org_type=Case(
# When portfolio is present, use its value instead
When(portfolio__isnull=False, then=F("portfolio__organization_type")),
# Otherwise, return the natively assigned value
default=F("generic_org_type"),
),
conv_federal_type=Case(
# When portfolio is present, use its value instead
When(
Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False),
then=F("portfolio__federal_agency__federal_type"),
),
# Otherwise, return federal type from federal agency
default=F("federal_agency__federal_type"),
),
)
def get_queryset(self, request): def get_queryset(self, request):
"""Custom get_queryset to filter by portfolio if portfolio is in the """Custom get_queryset to filter by portfolio if portfolio is in the
request params.""" request params."""
@ -3195,8 +3472,39 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportModelAdmin):
if portfolio_id: if portfolio_id:
# Further filter the queryset by the portfolio # Further filter the queryset by the portfolio
qs = qs.filter(portfolio=portfolio_id) qs = qs.filter(portfolio=portfolio_id)
# Check if user is in OMB analysts group
if request.user.groups.filter(name="omb_analysts_group").exists():
annotated_qs = self.get_annotated_queryset(qs)
return annotated_qs.filter(
conv_generic_org_type=DomainRequest.OrganizationChoices.FEDERAL,
conv_federal_type=BranchChoices.EXECUTIVE,
)
return qs return qs
def has_view_permission(self, request, obj=None):
"""Restrict view permissions based on group membership and model attributes."""
if request.user.has_perm("registrar.full_access_permission"):
return True
if obj:
if request.user.groups.filter(name="omb_analysts_group").exists():
return (
obj.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL
and obj.converted_federal_type == BranchChoices.EXECUTIVE
)
return super().has_view_permission(request, obj)
def has_change_permission(self, request, obj=None):
"""Restrict update permissions based on group membership and model attributes."""
if request.user.has_perm("registrar.full_access_permission"):
return True
if obj:
if request.user.groups.filter(name="omb_analysts_group").exists():
return (
obj.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL
and obj.converted_federal_type == BranchChoices.EXECUTIVE
)
return super().has_change_permission(request, obj)
def get_search_results(self, request, queryset, search_term): def get_search_results(self, request, queryset, search_term):
# Call the parent's method to apply default search logic # Call the parent's method to apply default search logic
base_queryset, use_distinct = super().get_search_results(request, queryset, search_term) base_queryset, use_distinct = super().get_search_results(request, queryset, search_term)
@ -3216,6 +3524,15 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportModelAdmin):
return combined_queryset, use_distinct return combined_queryset, use_distinct
def get_form(self, request, obj=None, **kwargs):
"""Pass the 'is_omb_analyst' attribute to the form."""
form = super().get_form(request, obj, **kwargs)
# Store attribute in the form for template access
form.show_contact_as_plain_text = request.user.groups.filter(name="omb_analysts_group").exists()
return form
class TransitionDomainAdmin(ListHeaderAdmin): class TransitionDomainAdmin(ListHeaderAdmin):
"""Custom transition domain admin class.""" """Custom transition domain admin class."""
@ -3247,6 +3564,16 @@ class DomainInformationInline(admin.StackedInline):
template = "django/admin/includes/domain_info_inline_stacked.html" template = "django/admin/includes/domain_info_inline_stacked.html"
model = models.DomainInformation model = models.DomainInformation
def __init__(self, *args, **kwargs):
"""Initialize the admin class and define a default value for is_omb_analyst."""
super().__init__(*args, **kwargs)
self.is_omb_analyst = False # Default value in case it's accessed before being set
def get_queryset(self, request):
"""Ensure self.is_omb_analyst is set early."""
self.is_omb_analyst = request.user.groups.filter(name="omb_analysts_group").exists()
return super().get_queryset(request)
# Define methods to display fields from the related portfolio # Define methods to display fields from the related portfolio
def portfolio_senior_official(self, obj) -> Optional[SeniorOfficial]: def portfolio_senior_official(self, obj) -> Optional[SeniorOfficial]:
return obj.portfolio.senior_official if obj.portfolio and obj.portfolio.senior_official else None return obj.portfolio.senior_official if obj.portfolio and obj.portfolio.senior_official else None
@ -3314,6 +3641,7 @@ class DomainInformationInline(admin.StackedInline):
fieldsets = copy.deepcopy(list(DomainInformationAdmin.fieldsets)) fieldsets = copy.deepcopy(list(DomainInformationAdmin.fieldsets))
readonly_fields = copy.deepcopy(DomainInformationAdmin.readonly_fields) readonly_fields = copy.deepcopy(DomainInformationAdmin.readonly_fields)
analyst_readonly_fields = copy.deepcopy(DomainInformationAdmin.analyst_readonly_fields) analyst_readonly_fields = copy.deepcopy(DomainInformationAdmin.analyst_readonly_fields)
omb_analyst_readonly_fields = copy.deepcopy(DomainInformationAdmin.omb_analyst_readonly_fields)
autocomplete_fields = copy.deepcopy(DomainInformationAdmin.autocomplete_fields) autocomplete_fields = copy.deepcopy(DomainInformationAdmin.autocomplete_fields)
def get_domain_managers(self, obj): def get_domain_managers(self, obj):
@ -3334,12 +3662,16 @@ class DomainInformationInline(admin.StackedInline):
if not domain_managers: if not domain_managers:
return "No domain managers found." return "No domain managers found."
domain_manager_details = "<table><thead><tr><th>UID</th><th>Name</th><th>Email</th></tr></thead><tbody>" domain_manager_details = "<table><thead><tr>"
if not self.is_omb_analyst:
domain_manager_details += "<th>UID</th>"
domain_manager_details += "<th>Name</th><th>Email</th></tr></thead><tbody>"
for domain_manager in domain_managers: for domain_manager in domain_managers:
full_name = domain_manager.get_formatted_name() full_name = domain_manager.get_formatted_name()
change_url = reverse("admin:registrar_user_change", args=[domain_manager.pk]) change_url = reverse("admin:registrar_user_change", args=[domain_manager.pk])
domain_manager_details += "<tr>" domain_manager_details += "<tr>"
domain_manager_details += f'<td><a href="{change_url}">{escape(domain_manager.username)}</a>' if not self.is_omb_analyst:
domain_manager_details += f'<td><a href="{change_url}">{escape(domain_manager.username)}</a>'
domain_manager_details += f"<td>{escape(full_name)}</td>" domain_manager_details += f"<td>{escape(full_name)}</td>"
domain_manager_details += f"<td>{escape(domain_manager.email)}</td>" domain_manager_details += f"<td>{escape(domain_manager.email)}</td>"
domain_manager_details += "</tr>" domain_manager_details += "</tr>"
@ -3371,7 +3703,8 @@ class DomainInformationInline(admin.StackedInline):
superuser_perm = request.user.has_perm("registrar.full_access_permission") superuser_perm = request.user.has_perm("registrar.full_access_permission")
analyst_perm = request.user.has_perm("registrar.analyst_access_permission") analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
if analyst_perm and not superuser_perm: omb_analyst_perm = request.user.groups.filter(name="omb_analysts_group").exists()
if (analyst_perm or omb_analyst_perm) and not superuser_perm:
return True return True
return super().has_change_permission(request, obj) return super().has_change_permission(request, obj)
@ -3445,6 +3778,23 @@ class DomainInformationInline(admin.StackedInline):
return modified_fieldsets return modified_fieldsets
def get_form(self, request, obj=None, **kwargs):
"""Pass the 'is_omb_analyst' attribute to the form."""
form = super().get_form(request, obj, **kwargs)
# Store attribute in the form for template access
self.is_omb_analyst = request.user.groups.filter(name="omb_analysts_group").exists()
form.show_contact_as_plain_text = self.is_omb_analyst
form.is_omb_analyst = self.is_omb_analyst
return form
def get_formset(self, request, obj=None, **kwargs):
"""Attach request to the formset so that it can be available in the form"""
formset = super().get_formset(request, obj, **kwargs)
formset.form.request = request # Attach request to form
return formset
class DomainResource(FsmModelResource): class DomainResource(FsmModelResource):
"""defines how each field in the referenced model should be mapped to the corresponding fields in the """defines how each field in the referenced model should be mapped to the corresponding fields in the
@ -3454,7 +3804,7 @@ class DomainResource(FsmModelResource):
model = models.Domain model = models.Domain
class DomainAdmin(ListHeaderAdmin, ImportExportModelAdmin): class DomainAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
"""Custom domain admin class to add extra buttons.""" """Custom domain admin class to add extra buttons."""
resource_classes = [DomainResource] resource_classes = [DomainResource]
@ -3566,7 +3916,7 @@ class DomainAdmin(ListHeaderAdmin, ImportExportModelAdmin):
if self.value(): if self.value():
return queryset.filter( return queryset.filter(
Q(domain_info__portfolio__federal_type=self.value()) Q(domain_info__portfolio__federal_type=self.value())
| Q(domain_info__portfolio__isnull=True, domain_info__federal_type=self.value()) | Q(domain_info__portfolio__isnull=True, domain_info__federal_agency__federal_type=self.value())
) )
return queryset return queryset
@ -3593,7 +3943,7 @@ class DomainAdmin(ListHeaderAdmin, ImportExportModelAdmin):
Q(domain_info__portfolio__isnull=False) & Q(domain_info__portfolio__federal_agency__isnull=False), Q(domain_info__portfolio__isnull=False) & Q(domain_info__portfolio__federal_agency__isnull=False),
then=F("domain_info__portfolio__federal_agency__federal_type"), then=F("domain_info__portfolio__federal_agency__federal_type"),
), ),
# Otherwise, return the natively assigned value # Otherwise, return federal type from federal agency
default=F("domain_info__federal_agency__federal_type"), default=F("domain_info__federal_agency__federal_type"),
), ),
converted_organization_name=Case( converted_organization_name=Case(
@ -4020,8 +4370,10 @@ class DomainAdmin(ListHeaderAdmin, ImportExportModelAdmin):
# Fixes a bug wherein users which are only is_staff # Fixes a bug wherein users which are only is_staff
# can access 'change' when GET, # can access 'change' when GET,
# but cannot access this page when it is a request of type POST. # but cannot access this page when it is a request of type POST.
if request.user.has_perm("registrar.full_access_permission") or request.user.has_perm( if (
"registrar.analyst_access_permission" request.user.has_perm("registrar.full_access_permission")
or request.user.has_perm("registrar.analyst_access_permission")
or request.user.groups.filter(name="omb_analysts_group").exists()
): ):
return True return True
return super().has_change_permission(request, obj) return super().has_change_permission(request, obj)
@ -4036,8 +4388,37 @@ class DomainAdmin(ListHeaderAdmin, ImportExportModelAdmin):
if portfolio_id: if portfolio_id:
# Further filter the queryset by the portfolio # Further filter the queryset by the portfolio
qs = qs.filter(domain_info__portfolio=portfolio_id) qs = qs.filter(domain_info__portfolio=portfolio_id)
# Check if user is in OMB analysts group
if request.user.groups.filter(name="omb_analysts_group").exists():
return qs.filter(
converted_generic_org_type=DomainRequest.OrganizationChoices.FEDERAL,
converted_federal_type=BranchChoices.EXECUTIVE,
)
return qs return qs
def has_view_permission(self, request, obj=None):
"""Restrict view permissions based on group membership and model attributes."""
if request.user.has_perm("registrar.full_access_permission"):
return True
if obj:
if request.user.groups.filter(name="omb_analysts_group").exists():
return (
obj.domain_info.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL
and obj.domain_info.converted_federal_type == BranchChoices.EXECUTIVE
)
return super().has_view_permission(request, obj)
def get_form(self, request, obj=None, **kwargs):
"""Pass the 'is_omb_analyst' attribute to the form."""
form = super().get_form(request, obj, **kwargs)
# Store attribute in the form for template access
is_omb_analyst = request.user.groups.filter(name="omb_analysts_group").exists()
form.show_contact_as_plain_text = is_omb_analyst
form.is_omb_analyst = is_omb_analyst
return form
class DraftDomainResource(resources.ModelResource): class DraftDomainResource(resources.ModelResource):
"""defines how each field in the referenced model should be mapped to the corresponding fields in the """defines how each field in the referenced model should be mapped to the corresponding fields in the
@ -4047,7 +4428,7 @@ class DraftDomainResource(resources.ModelResource):
model = models.DraftDomain model = models.DraftDomain
class DraftDomainAdmin(ListHeaderAdmin, ImportExportModelAdmin): class DraftDomainAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
"""Custom draft domain admin class.""" """Custom draft domain admin class."""
resource_classes = [DraftDomainResource] resource_classes = [DraftDomainResource]
@ -4159,7 +4540,7 @@ class PublicContactResource(resources.ModelResource):
self.after_save_instance(instance, using_transactions, dry_run) self.after_save_instance(instance, using_transactions, dry_run)
class PublicContactAdmin(ListHeaderAdmin, ImportExportModelAdmin): class PublicContactAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
"""Custom PublicContact admin class.""" """Custom PublicContact admin class."""
resource_classes = [PublicContactResource] resource_classes = [PublicContactResource]
@ -4214,6 +4595,11 @@ class PortfolioAdmin(ListHeaderAdmin):
_meta = Meta() _meta = Meta()
def __init__(self, *args, **kwargs):
"""Initialize the admin class and define a default value for is_omb_analyst."""
super().__init__(*args, **kwargs)
self.is_omb_analyst = False # Default value in case it's accessed before being set
change_form_template = "django/admin/portfolio_change_form.html" change_form_template = "django/admin/portfolio_change_form.html"
fieldsets = [ fieldsets = [
# created_on is the created_at field # created_on is the created_at field
@ -4295,6 +4681,19 @@ class PortfolioAdmin(ListHeaderAdmin):
# rather than strip it out of our logic. # rather than strip it out of our logic.
analyst_readonly_fields = [] # type: ignore analyst_readonly_fields = [] # type: ignore
omb_analyst_readonly_fields = [
"notes",
"organization_type",
"organization_name",
"federal_agency",
"state_territory",
"address_line1",
"address_line2",
"city",
"zipcode",
"urbanization",
]
def get_admin_users(self, obj): def get_admin_users(self, obj):
# Filter UserPortfolioPermission objects related to the portfolio # Filter UserPortfolioPermission objects related to the portfolio
admin_permissions = self.get_user_portfolio_permission_admins(obj) admin_permissions = self.get_user_portfolio_permission_admins(obj)
@ -4380,6 +4779,8 @@ class PortfolioAdmin(ListHeaderAdmin):
"""Returns the number of administrators for this portfolio""" """Returns the number of administrators for this portfolio"""
admin_count = len(self.get_user_portfolio_permission_admins(obj)) admin_count = len(self.get_user_portfolio_permission_admins(obj))
if admin_count > 0: if admin_count > 0:
if self.is_omb_analyst:
return format_html(f"{admin_count} administrators")
url = reverse("admin:registrar_userportfoliopermission_changelist") + f"?portfolio={obj.id}" url = reverse("admin:registrar_userportfoliopermission_changelist") + f"?portfolio={obj.id}"
# Create a clickable link with the count # Create a clickable link with the count
return format_html(f'<a href="{url}">{admin_count} admins</a>') return format_html(f'<a href="{url}">{admin_count} admins</a>')
@ -4391,6 +4792,8 @@ class PortfolioAdmin(ListHeaderAdmin):
"""Returns the number of basic members for this portfolio""" """Returns the number of basic members for this portfolio"""
member_count = len(self.get_user_portfolio_permission_non_admins(obj)) member_count = len(self.get_user_portfolio_permission_non_admins(obj))
if member_count > 0: if member_count > 0:
if self.is_omb_analyst:
return format_html(f"{member_count} members")
url = reverse("admin:registrar_userportfoliopermission_changelist") + f"?portfolio={obj.id}" url = reverse("admin:registrar_userportfoliopermission_changelist") + f"?portfolio={obj.id}"
# Create a clickable link with the count # Create a clickable link with the count
return format_html(f'<a href="{url}">{member_count} basic members</a>') return format_html(f'<a href="{url}">{member_count} basic members</a>')
@ -4436,12 +4839,35 @@ class PortfolioAdmin(ListHeaderAdmin):
if request.user.has_perm("registrar.full_access_permission"): if request.user.has_perm("registrar.full_access_permission"):
return readonly_fields return readonly_fields
# Return restrictive Read-only fields for OMB analysts
if request.user.groups.filter(name="omb_analysts_group").exists():
readonly_fields.extend([field for field in self.omb_analyst_readonly_fields])
return readonly_fields
# Return restrictive Read-only fields for analysts and # Return restrictive Read-only fields for analysts and
# users who might not belong to groups # users who might not belong to groups
readonly_fields.extend([field for field in self.analyst_readonly_fields]) readonly_fields.extend([field for field in self.analyst_readonly_fields])
return readonly_fields return readonly_fields
def get_queryset(self, request):
"""Restrict queryset based on user permissions."""
qs = super().get_queryset(request)
# Check if user is in OMB analysts group
if request.user.groups.filter(name="omb_analysts_group").exists():
self.is_omb_analyst = True
return qs.filter(federal_agency__federal_type=BranchChoices.EXECUTIVE)
return qs # Return full queryset if the user doesn't have the restriction
def has_view_permission(self, request, obj=None):
"""Restrict view permissions based on group membership and model attributes."""
if request.user.has_perm("registrar.full_access_permission"):
return True
if obj:
if request.user.groups.filter(name="omb_analysts_group").exists():
return obj.federal_type == BranchChoices.EXECUTIVE
return super().has_view_permission(request, obj)
def change_view(self, request, object_id, form_url="", extra_context=None): def change_view(self, request, object_id, form_url="", extra_context=None):
"""Add related suborganizations and domain groups. """Add related suborganizations and domain groups.
Add the summary for the portfolio members field (list of members that link to change_forms).""" Add the summary for the portfolio members field (list of members that link to change_forms)."""
@ -4486,6 +4912,17 @@ class PortfolioAdmin(ListHeaderAdmin):
super().save_model(request, obj, form, change) super().save_model(request, obj, form, change)
def get_form(self, request, obj=None, **kwargs):
"""Pass the 'is_omb_analyst' attribute to the form."""
form = super().get_form(request, obj, **kwargs)
# Store attribute in the form for template access
self.is_omb_analyst = request.user.groups.filter(name="omb_analysts_group").exists()
form.show_contact_as_plain_text = self.is_omb_analyst
form.is_omb_analyst = self.is_omb_analyst
return form
class FederalAgencyResource(resources.ModelResource): class FederalAgencyResource(resources.ModelResource):
"""defines how each field in the referenced model should be mapped to the corresponding fields in the """defines how each field in the referenced model should be mapped to the corresponding fields in the
@ -4495,13 +4932,66 @@ class FederalAgencyResource(resources.ModelResource):
model = models.FederalAgency model = models.FederalAgency
class FederalAgencyAdmin(ListHeaderAdmin, ImportExportModelAdmin): class FederalAgencyAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
list_display = ["agency"] list_display = ["agency"]
search_fields = ["agency"] search_fields = ["agency"]
search_help_text = "Search by federal agency." search_help_text = "Search by federal agency."
ordering = ["agency"] ordering = ["agency"]
resource_classes = [FederalAgencyResource] resource_classes = [FederalAgencyResource]
# Readonly fields for analysts and superusers
readonly_fields = []
# Read only that we'll leverage for CISA Analysts
analyst_readonly_fields = [] # type: ignore
# Read only that we'll leverage for OMB Analysts
omb_analyst_readonly_fields = [
"agency",
"federal_type",
"acronym",
"is_fceb",
]
def get_queryset(self, request):
"""Restrict queryset based on user permissions."""
qs = super().get_queryset(request)
# Check if user is in OMB analysts group
if request.user.groups.filter(name="omb_analysts_group").exists():
return qs.filter(
federal_type=BranchChoices.EXECUTIVE,
)
return qs # Return full queryset if the user doesn't have the restriction
def has_view_permission(self, request, obj=None):
"""Restrict view permissions based on group membership and model attributes."""
if request.user.has_perm("registrar.full_access_permission"):
return True
if obj:
if request.user.groups.filter(name="omb_analysts_group").exists():
return obj.federal_type == BranchChoices.EXECUTIVE
return super().has_view_permission(request, obj)
def get_readonly_fields(self, request, obj=None):
"""Set the read-only state on form elements.
We have 2 conditions that determine which fields are read-only:
admin user permissions and the domain request creator's status, so
we'll use the baseline readonly_fields and extend it as needed.
"""
readonly_fields = list(self.readonly_fields)
if request.user.has_perm("registrar.full_access_permission"):
return readonly_fields
# Return restrictive Read-only fields for OMB analysts
if request.user.groups.filter(name="omb_analysts_group").exists():
readonly_fields.extend([field for field in self.omb_analyst_readonly_fields])
return readonly_fields
# Return restrictive Read-only fields for analysts and
# users who might not belong to groups
readonly_fields.extend([field for field in self.analyst_readonly_fields])
return readonly_fields
class UserGroupAdmin(AuditedAdmin): class UserGroupAdmin(AuditedAdmin):
"""Overwrite the generated UserGroup admin class""" """Overwrite the generated UserGroup admin class"""
@ -4551,11 +5041,11 @@ class WaffleFlagAdmin(FlagAdmin):
return super().changelist_view(request, extra_context=extra_context) return super().changelist_view(request, extra_context=extra_context)
class DomainGroupAdmin(ListHeaderAdmin, ImportExportModelAdmin): class DomainGroupAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
list_display = ["name", "portfolio"] list_display = ["name", "portfolio"]
class SuborganizationAdmin(ListHeaderAdmin, ImportExportModelAdmin): class SuborganizationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
list_display = ["name", "portfolio"] list_display = ["name", "portfolio"]
autocomplete_fields = [ autocomplete_fields = [
@ -4566,6 +5056,38 @@ class SuborganizationAdmin(ListHeaderAdmin, ImportExportModelAdmin):
change_form_template = "django/admin/suborg_change_form.html" change_form_template = "django/admin/suborg_change_form.html"
readonly_fields = []
# Even though this is empty, I will leave it as a stub for easy changes in the future
# rather than strip it out of our logic.
analyst_readonly_fields = [] # type: ignore
omb_analyst_readonly_fields = [
"name",
"portfolio",
"city",
"state_territory",
]
def get_readonly_fields(self, request, obj=None):
"""Set the read-only state on form elements.
We have conditions that determine which fields are read-only:
admin user permissions and analyst (cisa or omb) status, so
we'll use the baseline readonly_fields and extend it as needed.
"""
readonly_fields = list(self.readonly_fields)
if request.user.has_perm("registrar.full_access_permission"):
return readonly_fields
# Return restrictive Read-only fields for OMB analysts
if request.user.groups.filter(name="omb_analysts_group").exists():
readonly_fields.extend([field for field in self.omb_analyst_readonly_fields])
return readonly_fields
# Return restrictive Read-only fields for analysts and
# users who might not belong to groups
readonly_fields.extend([field for field in self.analyst_readonly_fields])
return readonly_fields
def change_view(self, request, object_id, form_url="", extra_context=None): def change_view(self, request, object_id, form_url="", extra_context=None):
"""Add suborg's related domains and requests to context""" """Add suborg's related domains and requests to context"""
obj = self.get_object(request, object_id) obj = self.get_object(request, object_id)
@ -4583,6 +5105,30 @@ class SuborganizationAdmin(ListHeaderAdmin, ImportExportModelAdmin):
extra_context = {"domain_requests": domain_requests, "domains": domains} extra_context = {"domain_requests": domain_requests, "domains": domains}
return super().change_view(request, object_id, form_url, extra_context) return super().change_view(request, object_id, form_url, extra_context)
def get_queryset(self, request):
"""Custom get_queryset to filter for OMB analysts."""
qs = super().get_queryset(request)
# Check if user is in OMB analysts group
if request.user.groups.filter(name="omb_analysts_group").exists():
return qs.filter(
portfolio__organization_type=DomainRequest.OrganizationChoices.FEDERAL,
portfolio__federal_agency__federal_type=BranchChoices.EXECUTIVE,
)
return qs
def has_view_permission(self, request, obj=None):
"""Restrict view permissions based on group membership and model attributes."""
if request.user.has_perm("registrar.full_access_permission"):
return True
if obj:
if request.user.groups.filter(name="omb_analysts_group").exists():
return (
obj.portfolio
and obj.portfolio.federal_agency
and obj.portfolio.federal_agency.federal_type == BranchChoices.EXECUTIVE
)
return super().has_view_permission(request, obj)
class AllowedEmailAdmin(ListHeaderAdmin): class AllowedEmailAdmin(ListHeaderAdmin):
class Meta: class Meta:

219
src/registrar/assets/src/js/getgov-admin/domain-request-form.js
View file

@ -105,8 +105,10 @@ export function initApprovedDomain() {
return; return;
} }
const statusToCheck = "approved"; const statusToCheck = "approved"; // when checking against a select
const readonlyStatusToCheck = "Approved"; // when checking against a readonly div display value
const statusSelect = document.getElementById("id_status"); const statusSelect = document.getElementById("id_status");
const statusField = document.querySelector("field-status");
const sessionVariableName = "showApprovedDomain"; const sessionVariableName = "showApprovedDomain";
let approvedDomainFormGroup = document.querySelector(".field-approved_domain"); let approvedDomainFormGroup = document.querySelector(".field-approved_domain");
@ -120,18 +122,32 @@ export function initApprovedDomain() {
// Handle showing/hiding the related fields on page load. // Handle showing/hiding the related fields on page load.
function initializeFormGroups() { function initializeFormGroups() {
let isStatus = statusSelect.value == statusToCheck; // Status is either in a select or in a readonly div. Both
// cases are handled below.
let isStatus = false;
if (statusSelect) {
isStatus = statusSelect.value == statusToCheck;
} else {
// statusSelect does not exist, indicating readonly
if (statusField) {
let readonlyDiv = statusField.querySelector("div.readonly");
let readonlyStatusText = readonlyDiv.textContent.trim();
isStatus = readonlyStatusText == readonlyStatusToCheck;
}
}
// Initial handling of these groups. // Initial handling of these groups.
updateFormGroupVisibility(isStatus); updateFormGroupVisibility(isStatus);
// Listen to change events and handle rejectionReasonFormGroup display, then save status to session storage if (statusSelect) {
statusSelect.addEventListener('change', () => { // Listen to change events and handle rejectionReasonFormGroup display, then save status to session storage
// Show the approved if the status is what we expect. statusSelect.addEventListener('change', () => {
isStatus = statusSelect.value == statusToCheck; // Show the approved if the status is what we expect.
updateFormGroupVisibility(isStatus); isStatus = statusSelect.value == statusToCheck;
addOrRemoveSessionBoolean(sessionVariableName, isStatus); updateFormGroupVisibility(isStatus);
}); addOrRemoveSessionBoolean(sessionVariableName, isStatus);
});
}
// Listen to Back/Forward button navigation and handle approvedDomainFormGroup display based on session storage // Listen to Back/Forward button navigation and handle approvedDomainFormGroup display based on session storage
// When you navigate using forward/back after changing status but not saving, when you land back on the DA page the // When you navigate using forward/back after changing status but not saving, when you land back on the DA page the
@ -322,6 +338,7 @@ class CustomizableEmailBase {
* @property {HTMLElement} modalConfirm - The confirm button in the modal. * @property {HTMLElement} modalConfirm - The confirm button in the modal.
* @property {string} apiUrl - The API URL for fetching email content. * @property {string} apiUrl - The API URL for fetching email content.
* @property {string} statusToCheck - The status to check against. Used for show/hide on textAreaFormGroup/dropdownFormGroup. * @property {string} statusToCheck - The status to check against. Used for show/hide on textAreaFormGroup/dropdownFormGroup.
* @property {string} readonlyStatusToCheck - The status to check against when readonly. Used for show/hide on textAreaFormGroup/dropdownFormGroup.
* @property {string} sessionVariableName - The session variable name. Used for show/hide on textAreaFormGroup/dropdownFormGroup. * @property {string} sessionVariableName - The session variable name. Used for show/hide on textAreaFormGroup/dropdownFormGroup.
* @property {string} apiErrorMessage - The error message that the ajax call returns. * @property {string} apiErrorMessage - The error message that the ajax call returns.
*/ */
@ -338,6 +355,7 @@ class CustomizableEmailBase {
this.textAreaFormGroup = config.textAreaFormGroup; this.textAreaFormGroup = config.textAreaFormGroup;
this.dropdownFormGroup = config.dropdownFormGroup; this.dropdownFormGroup = config.dropdownFormGroup;
this.statusToCheck = config.statusToCheck; this.statusToCheck = config.statusToCheck;
this.readonlyStatusToCheck = config.readonlyStatusToCheck;
this.sessionVariableName = config.sessionVariableName; this.sessionVariableName = config.sessionVariableName;
// Non-configurable variables // Non-configurable variables
@ -363,19 +381,31 @@ class CustomizableEmailBase {
// Handle showing/hiding the related fields on page load. // Handle showing/hiding the related fields on page load.
initializeFormGroups() { initializeFormGroups() {
let isStatus = this.statusSelect.value == this.statusToCheck; let isStatus = false;
if (this.statusSelect) {
isStatus = this.statusSelect.value == this.statusToCheck;
} else {
// statusSelect does not exist, indicating readonly
if (this.dropdownFormGroup) {
let readonlyDiv = this.dropdownFormGroup.querySelector("div.readonly");
let readonlyStatusText = readonlyDiv.textContent.trim();
isStatus = readonlyStatusText == this.readonlyStatusToCheck;
}
}
// Initial handling of these groups. // Initial handling of these groups.
this.updateFormGroupVisibility(isStatus); this.updateFormGroupVisibility(isStatus);
// Listen to change events and handle rejectionReasonFormGroup display, then save status to session storage if (this.statusSelect) {
this.statusSelect.addEventListener('change', () => { // Listen to change events and handle rejectionReasonFormGroup display, then save status to session storage
// Show the action needed field if the status is what we expect. this.statusSelect.addEventListener('change', () => {
// Then track if its shown or hidden in our session cache. // Show the action needed field if the status is what we expect.
isStatus = this.statusSelect.value == this.statusToCheck; // Then track if its shown or hidden in our session cache.
this.updateFormGroupVisibility(isStatus); isStatus = this.statusSelect.value == this.statusToCheck;
addOrRemoveSessionBoolean(this.sessionVariableName, isStatus); this.updateFormGroupVisibility(isStatus);
}); addOrRemoveSessionBoolean(this.sessionVariableName, isStatus);
});
}
// Listen to Back/Forward button navigation and handle rejectionReasonFormGroup display based on session storage // Listen to Back/Forward button navigation and handle rejectionReasonFormGroup display based on session storage
// When you navigate using forward/back after changing status but not saving, when you land back on the DA page the // When you navigate using forward/back after changing status but not saving, when you land back on the DA page the
@ -403,58 +433,66 @@ class CustomizableEmailBase {
} }
initializeDropdown() { initializeDropdown() {
this.dropdown.addEventListener("change", () => { if (this.dropdown) {
let reason = this.dropdown.value; this.dropdown.addEventListener("change", () => {
if (this.initialDropdownValue !== this.dropdown.value || this.initialEmailValue !== this.textarea.value) { let reason = this.dropdown.value;
let searchParams = new URLSearchParams( if (this.initialDropdownValue !== this.dropdown.value || this.initialEmailValue !== this.textarea.value) {
{ let searchParams = new URLSearchParams(
"reason": reason, {
"domain_request_id": this.domainRequestId, "reason": reason,
} "domain_request_id": this.domainRequestId,
); }
// Replace the email content );
fetch(`${this.apiUrl}?${searchParams.toString()}`) // Replace the email content
.then(response => { fetch(`${this.apiUrl}?${searchParams.toString()}`)
return response.json().then(data => data); .then(response => {
}) return response.json().then(data => data);
.then(data => { })
if (data.error) { .then(data => {
console.error("Error in AJAX call: " + data.error); if (data.error) {
}else { console.error("Error in AJAX call: " + data.error);
this.textarea.value = data.email; }else {
} this.textarea.value = data.email;
this.updateUserInterface(reason); }
}) this.updateUserInterface(reason);
.catch(error => { })
console.error(this.apiErrorMessage, error) .catch(error => {
}); console.error(this.apiErrorMessage, error)
} });
}); }
});
}
} }
initializeModalConfirm() { initializeModalConfirm() {
this.modalConfirm.addEventListener("click", () => { // When the modal confirm button is present, add a listener
this.textarea.removeAttribute('readonly'); if (this.modalConfirm) {
this.textarea.focus(); this.modalConfirm.addEventListener("click", () => {
this.textarea.removeAttribute('readonly');
this.textarea.focus();
hideElement(this.directEditButton); hideElement(this.directEditButton);
hideElement(this.modalTrigger); hideElement(this.modalTrigger);
}); });
}
} }
initializeDirectEditButton() { initializeDirectEditButton() {
this.directEditButton.addEventListener("click", () => { // When the direct edit button is present, add a listener
this.textarea.removeAttribute('readonly'); if (this.directEditButton) {
this.textarea.focus(); this.directEditButton.addEventListener("click", () => {
this.textarea.removeAttribute('readonly');
this.textarea.focus();
hideElement(this.directEditButton); hideElement(this.directEditButton);
hideElement(this.modalTrigger); hideElement(this.modalTrigger);
}); });
}
} }
isEmailAlreadySent() { isEmailAlreadySent() {
return this.lastSentEmailContent.value.replace(/\s+/g, '') === this.textarea.value.replace(/\s+/g, ''); return this.lastSentEmailContent.value.replace(/\s+/g, '') === this.textarea.value.replace(/\s+/g, '');
} }
updateUserInterface(reason=this.dropdown.value, excluded_reasons=["other"]) { updateUserInterface(reason, excluded_reasons=["other"]) {
if (!reason) { if (!reason) {
// No reason selected, we will set the label to "Email", show the "Make a selection" placeholder, hide the trigger, textarea, hide the help text // No reason selected, we will set the label to "Email", show the "Make a selection" placeholder, hide the trigger, textarea, hide the help text
this.showPlaceholderNoReason(); this.showPlaceholderNoReason();
@ -468,23 +506,25 @@ class CustomizableEmailBase {
// Helper function that makes overriding the readonly textarea easy // Helper function that makes overriding the readonly textarea easy
showReadonlyTextarea() { showReadonlyTextarea() {
// A triggering selection is selected, all hands on board: if (this.textarea && this.textareaPlaceholder) {
this.textarea.setAttribute('readonly', true); // A triggering selection is selected, all hands on board:
showElement(this.textarea); this.textarea.setAttribute('readonly', true);
hideElement(this.textareaPlaceholder); showElement(this.textarea);
hideElement(this.textareaPlaceholder);
if (this.isEmailAlreadySentConst) { if (this.isEmailAlreadySentConst) {
hideElement(this.directEditButton); hideElement(this.directEditButton);
showElement(this.modalTrigger); showElement(this.modalTrigger);
} else {
showElement(this.directEditButton);
hideElement(this.modalTrigger);
}
if (this.isEmailAlreadySent()) {
this.formLabel.innerHTML = "Email sent to creator:";
} else { } else {
showElement(this.directEditButton); this.formLabel.innerHTML = "Email:";
hideElement(this.modalTrigger); }
}
if (this.isEmailAlreadySent()) {
this.formLabel.innerHTML = "Email sent to creator:";
} else {
this.formLabel.innerHTML = "Email:";
} }
} }
@ -516,9 +556,10 @@ class customActionNeededEmail extends CustomizableEmailBase {
lastSentEmailContent: document.getElementById("last-sent-action-needed-email-content"), lastSentEmailContent: document.getElementById("last-sent-action-needed-email-content"),
modalConfirm: document.getElementById("action-needed-reason__confirm-edit-email"), modalConfirm: document.getElementById("action-needed-reason__confirm-edit-email"),
apiUrl: document.getElementById("get-action-needed-email-for-user-json")?.value || null, apiUrl: document.getElementById("get-action-needed-email-for-user-json")?.value || null,
textAreaFormGroup: document.querySelector('.field-action_needed_reason'), textAreaFormGroup: document.querySelector('.field-action_needed_reason_email'),
dropdownFormGroup: document.querySelector('.field-action_needed_reason_email'), dropdownFormGroup: document.querySelector('.field-action_needed_reason'),
statusToCheck: "action needed", statusToCheck: "action needed",
readonlyStatusToCheck: "Action needed",
sessionVariableName: "showActionNeededReason", sessionVariableName: "showActionNeededReason",
apiErrorMessage: "Error when attempting to grab action needed email: " apiErrorMessage: "Error when attempting to grab action needed email: "
} }
@ -529,7 +570,15 @@ class customActionNeededEmail extends CustomizableEmailBase {
// Hide/show the email fields depending on the current status // Hide/show the email fields depending on the current status
this.initializeFormGroups(); this.initializeFormGroups();
// Setup the textarea, edit button, helper text // Setup the textarea, edit button, helper text
this.updateUserInterface(); let reason = null;
if (this.dropdown) {
reason = this.dropdown.value;
} else if (this.dropdownFormGroup && this.dropdownFormGroup.querySelector("div.readonly")) {
if (this.dropdownFormGroup.querySelector("div.readonly").textContent) {
reason = this.dropdownFormGroup.querySelector("div.readonly").textContent.trim()
}
}
this.updateUserInterface(reason);
this.initializeDropdown(); this.initializeDropdown();
this.initializeModalConfirm(); this.initializeModalConfirm();
this.initializeDirectEditButton(); this.initializeDirectEditButton();
@ -560,12 +609,6 @@ export function initActionNeededEmail() {
// Initialize UI // Initialize UI
const customEmail = new customActionNeededEmail(); const customEmail = new customActionNeededEmail();
// Check that every variable was setup correctly
const nullItems = Object.entries(customEmail.config).filter(([key, value]) => value === null).map(([key]) => key);
if (nullItems.length > 0) {
console.error(`Failed to load customActionNeededEmail(). Some variables were null: ${nullItems.join(", ")}`)
return;
}
customEmail.loadActionNeededEmail() customEmail.loadActionNeededEmail()
}); });
} }
@ -581,6 +624,7 @@ class customRejectedEmail extends CustomizableEmailBase {
textAreaFormGroup: document.querySelector('.field-rejection_reason'), textAreaFormGroup: document.querySelector('.field-rejection_reason'),
dropdownFormGroup: document.querySelector('.field-rejection_reason_email'), dropdownFormGroup: document.querySelector('.field-rejection_reason_email'),
statusToCheck: "rejected", statusToCheck: "rejected",
readonlyStatusToCheck: "Rejected",
sessionVariableName: "showRejectionReason", sessionVariableName: "showRejectionReason",
errorMessage: "Error when attempting to grab rejected email: " errorMessage: "Error when attempting to grab rejected email: "
}; };
@ -589,7 +633,15 @@ class customRejectedEmail extends CustomizableEmailBase {
loadRejectedEmail() { loadRejectedEmail() {
this.initializeFormGroups(); this.initializeFormGroups();
this.updateUserInterface(); let reason = null;
if (this.dropdown) {
reason = this.dropdown.value;
} else if (this.dropdownFormGroup && this.dropdownFormGroup.querySelector("div.readonly")) {
if (this.dropdownFormGroup.querySelector("div.readonly").textContent) {
reason = this.dropdownFormGroup.querySelector("div.readonly").textContent.trim()
}
}
this.updateUserInterface(reason);
this.initializeDropdown(); this.initializeDropdown();
this.initializeModalConfirm(); this.initializeModalConfirm();
this.initializeDirectEditButton(); this.initializeDirectEditButton();
@ -600,7 +652,7 @@ class customRejectedEmail extends CustomizableEmailBase {
this.showPlaceholder("Email:", "Select a rejection reason to see email"); this.showPlaceholder("Email:", "Select a rejection reason to see email");
} }
updateUserInterface(reason=this.dropdown.value, excluded_reasons=[]) { updateUserInterface(reason, excluded_reasons=[]) {
super.updateUserInterface(reason, excluded_reasons); super.updateUserInterface(reason, excluded_reasons);
} }
} }
@ -619,12 +671,6 @@ export function initRejectedEmail() {
// Initialize UI // Initialize UI
const customEmail = new customRejectedEmail(); const customEmail = new customRejectedEmail();
// Check that every variable was setup correctly
const nullItems = Object.entries(customEmail.config).filter(([key, value]) => value === null).map(([key]) => key);
if (nullItems.length > 0) {
console.error(`Failed to load customRejectedEmail(). Some variables were null: ${nullItems.join(", ")}`)
return;
}
customEmail.loadRejectedEmail() customEmail.loadRejectedEmail()
}); });
} }
@ -648,7 +694,6 @@ function handleSuborgFieldsAndButtons() {
// Ensure that every variable is present before proceeding // Ensure that every variable is present before proceeding
if (!requestedSuborganizationField || !suborganizationCity || !suborganizationStateTerritory || !rejectButton) { if (!requestedSuborganizationField || !suborganizationCity || !suborganizationStateTerritory || !rejectButton) {
console.warn("handleSuborganizationSelection() => Could not find required fields.")
return; return;
} }

48
src/registrar/assets/src/js/getgov-admin/helpers-portfolio-dynamic-fields.js
View file

@ -12,7 +12,9 @@ export function handlePortfolioSelection(
suborgDropdownSelector="#id_sub_organization" suborgDropdownSelector="#id_sub_organization"
) { ) {
// These dropdown are select2 fields so they must be interacted with via jquery // These dropdown are select2 fields so they must be interacted with via jquery
// In the event that these fields are readonly, need a variable to reference their row
const portfolioDropdown = django.jQuery(portfolioDropdownSelector); const portfolioDropdown = django.jQuery(portfolioDropdownSelector);
const portfolioField = document.querySelector(".field-portfolio");
const suborganizationDropdown = django.jQuery(suborgDropdownSelector); const suborganizationDropdown = django.jQuery(suborgDropdownSelector);
const suborganizationField = document.querySelector(".field-sub_organization"); const suborganizationField = document.querySelector(".field-sub_organization");
const requestedSuborganizationField = document.querySelector(".field-requested_suborganization"); const requestedSuborganizationField = document.querySelector(".field-requested_suborganization");
@ -394,17 +396,33 @@ export function handlePortfolioSelection(
* - Various global field elements (e.g., `suborganizationField`, `seniorOfficialField`, `portfolioOrgTypeFieldSet`) are used. * - Various global field elements (e.g., `suborganizationField`, `seniorOfficialField`, `portfolioOrgTypeFieldSet`) are used.
*/ */
function updatePortfolioFieldsDisplay() { function updatePortfolioFieldsDisplay() {
// Retrieve the selected portfolio ID let portfolio_id = null;
let portfolio_id = portfolioDropdown.val(); let portfolio_selected = false;
// portfolio will be either readonly or a dropdown, handle both cases
if (portfolioDropdown.length) { // need to test length since the query will always be defined, even if not in DOM
// Retrieve the selected portfolio ID
portfolio_id = portfolioDropdown.val();
if (portfolio_id) {
portfolio_selected = true;
}
} else {
// get readonly field value
let portfolio = portfolioField.querySelector(".readonly").innerText;
if (portfolio != "-") {
portfolio_selected = true;
}
}
if (portfolio_id) { if (portfolio_selected) {
// A portfolio is selected - update suborganization dropdown and show/hide relevant fields // A portfolio is selected - update suborganization dropdown and show/hide relevant fields
// Update suborganization dropdown for the selected portfolio if (portfolio_id) {
updateSubOrganizationDropdown(portfolio_id); // Update suborganization dropdown for the selected portfolio
updateSubOrganizationDropdown(portfolio_id);
}
// Show fields relevant to a selected portfolio // Show fields relevant to a selected portfolio
showElement(suborganizationField); if (suborganizationField) showElement(suborganizationField);
hideElement(seniorOfficialField); hideElement(seniorOfficialField);
showElement(portfolioSeniorOfficialField); showElement(portfolioSeniorOfficialField);
@ -427,7 +445,7 @@ export function handlePortfolioSelection(
// No portfolio is selected - reverse visibility of fields // No portfolio is selected - reverse visibility of fields
// Hide suborganization field as no portfolio is selected // Hide suborganization field as no portfolio is selected
hideElement(suborganizationField); if (suborganizationField) hideElement(suborganizationField);
// Show fields that are relevant when no portfolio is selected // Show fields that are relevant when no portfolio is selected
showElement(seniorOfficialField); showElement(seniorOfficialField);
@ -468,10 +486,22 @@ export function handlePortfolioSelection(
* This function ensures the form dynamically reflects whether a specific suborganization is being selected or requested. * This function ensures the form dynamically reflects whether a specific suborganization is being selected or requested.
*/ */
function updateSuborganizationFieldsDisplay() { function updateSuborganizationFieldsDisplay() {
let portfolio_id = portfolioDropdown.val(); let portfolio_selected = false;
// portfolio will be either readonly or a dropdown, handle both cases
if (portfolioDropdown.length) { // need to test length since the query will always be defined, even if not in DOM
// Retrieve the selected portfolio ID
if (portfolioDropdown.val()) {
portfolio_selected = true;
}
} else {
// get readonly field value
if (portfolioField.querySelector(".readonly").innerText != "-") {
portfolio_selected = true;
}
}
let suborganization_id = suborganizationDropdown.val(); let suborganization_id = suborganizationDropdown.val();
if (portfolio_id && !suborganization_id) { if (portfolio_selected && !suborganization_id) {
// Show suborganization request fields // Show suborganization request fields
if (requestedSuborganizationField) showElement(requestedSuborganizationField); if (requestedSuborganizationField) showElement(requestedSuborganizationField);
if (suborganizationCity) showElement(suborganizationCity); if (suborganizationCity) showElement(suborganizationCity);

22
src/registrar/assets/src/js/getgov-admin/portfolio-form.js
View file

@ -21,6 +21,8 @@ function handlePortfolioFields(){
const federalTypeField = document.querySelector(".field-federal_type"); const federalTypeField = document.querySelector(".field-federal_type");
const urbanizationField = document.querySelector(".field-urbanization"); const urbanizationField = document.querySelector(".field-urbanization");
const stateTerritoryDropdown = document.getElementById("id_state_territory"); const stateTerritoryDropdown = document.getElementById("id_state_territory");
const stateTerritoryField = document.querySelector(".field-state_territory");
const stateTerritoryReadonly = stateTerritoryField.querySelector(".readonly");
const seniorOfficialAddUrl = document.getElementById("senior-official-add-url").value; const seniorOfficialAddUrl = document.getElementById("senior-official-add-url").value;
const seniorOfficialApi = document.getElementById("senior_official_from_agency_json_url").value; const seniorOfficialApi = document.getElementById("senior_official_from_agency_json_url").value;
const federalPortfolioApi = document.getElementById("federal_and_portfolio_types_from_agency_json_url").value; const federalPortfolioApi = document.getElementById("federal_and_portfolio_types_from_agency_json_url").value;
@ -85,9 +87,9 @@ function handlePortfolioFields(){
* 2. else show org name, hide federal agency, hide federal type if applicable * 2. else show org name, hide federal agency, hide federal type if applicable
*/ */
function handleOrganizationTypeChange() { function handleOrganizationTypeChange() {
if (organizationTypeDropdown && organizationNameField) { if (organizationTypeField && organizationNameField) {
let selectedValue = organizationTypeDropdown.value; let selectedValue = organizationTypeDropdown ? organizationTypeDropdown.value : organizationTypeReadonly.innerText;
if (selectedValue === "federal") { if (selectedValue === "federal" || selectedValue === "Federal") {
hideElement(organizationNameField); hideElement(organizationNameField);
showElement(federalAgencyField); showElement(federalAgencyField);
if (federalTypeField) { if (federalTypeField) {
@ -207,8 +209,8 @@ function handlePortfolioFields(){
* Handle urbanization * Handle urbanization
*/ */
function handleStateTerritoryChange() { function handleStateTerritoryChange() {
let selectedValue = stateTerritoryDropdown.value; let selectedValue = stateTerritoryDropdown ? stateTerritoryDropdown.value : stateTerritoryReadonly.innerText;
if (selectedValue === "PR") { if (selectedValue === "PR" || selectedValue === "Puerto Rico (PR)") {
showElement(urbanizationField) showElement(urbanizationField)
} else { } else {
hideElement(urbanizationField) hideElement(urbanizationField)
@ -265,7 +267,7 @@ function handlePortfolioFields(){
* Initializes necessary data and display configurations for the portfolio fields. * Initializes necessary data and display configurations for the portfolio fields.
*/ */
function initializePortfolioSettings() { function initializePortfolioSettings() {
if (urbanizationField && stateTerritoryDropdown) { if (urbanizationField && stateTerritoryField) {
handleStateTerritoryChange(); handleStateTerritoryChange();
} }
handleOrganizationTypeChange(); handleOrganizationTypeChange();
@ -285,9 +287,11 @@ function handlePortfolioFields(){
handleStateTerritoryChange(); handleStateTerritoryChange();
}); });
} }
organizationTypeDropdown.addEventListener("change", function() { if (organizationTypeDropdown) {
handleOrganizationTypeChange(); organizationTypeDropdown.addEventListener("change", function() {
}); handleOrganizationTypeChange();
});
}
} }
// Run initial setup functions // Run initial setup functions

27
src/registrar/assets/src/js/getgov/domain-dsdata.js
View file

@ -1,27 +0,0 @@
import { submitForm } from './form-helpers.js';
export function initDomainDSData() {
document.addEventListener('DOMContentLoaded', function() {
let domain_dsdata_page = document.getElementById("domain-dsdata");
if (domain_dsdata_page) {
const override_button = document.getElementById("disable-override-click-button");
const cancel_button = document.getElementById("btn-cancel-click-button");
const cancel_close_button = document.getElementById("btn-cancel-click-close-button");
if (override_button) {
override_button.addEventListener("click", function () {
submitForm("disable-override-click-form");
});
}
if (cancel_button) {
cancel_button.addEventListener("click", function () {
submitForm("btn-cancel-click-form");
});
}
if (cancel_close_button) {
cancel_close_button.addEventListener("click", function () {
submitForm("btn-cancel-click-form");
});
}
}
});
}

521
src/registrar/assets/src/js/getgov/form-dsdata.js Normal file
View file

@ -0,0 +1,521 @@
import { showElement, hideElement, scrollToElement } from './helpers';
import { removeErrorsFromElement, removeFormErrors } from './form-helpers';
export class DSDataForm {
constructor() {
this.addDSDataButton = document.getElementById('dsdata-add-button');
this.addDSDataForm = document.querySelector('.add-dsdata-form');
this.formChanged = false;
this.callback = null;
// Bind event handlers to maintain 'this' context
this.handleAddFormClick = this.handleAddFormClick.bind(this);
this.handleEditClick = this.handleEditClick.bind(this);
this.handleDeleteClick = this.handleDeleteClick.bind(this);
this.handleDeleteKebabClick = this.handleDeleteKebabClick.bind(this);
this.handleCancelClick = this.handleCancelClick.bind(this);
this.handleCancelAddFormClick = this.handleCancelAddFormClick.bind(this);
}
/**
* Initialize the DSDataForm by setting up display and event listeners.
*/
init() {
this.initializeDSDataFormDisplay();
this.initializeEventListeners();
}
/**
* Determines the initial display state of the DS data form,
* handling validation errors and setting visibility of elements accordingly.
*/
initializeDSDataFormDisplay() {
// This check indicates that there is an Add DS Data form
// and that form has errors in it. In this case, show the form, and indicate that the form has
// changed.
if (this.addDSDataForm && this.addDSDataForm.querySelector('.usa-input--error')) {
showElement(this.addDSDataForm);
this.formChanged = true;
}
// handle display of table view errors
// if error exists in an edit-row, make that row show, and readonly row hide
const formTable = document.getElementById('dsdata-table')
if (formTable) {
const editRows = formTable.querySelectorAll('.edit-row');
editRows.forEach(editRow => {
if (editRow.querySelector('.usa-input--error')) {
const readOnlyRow = editRow.previousElementSibling;
this.formChanged = true;
showElement(editRow);
hideElement(readOnlyRow);
}
})
}
}
/**
* Attaches event listeners to relevant UI elements for interaction handling.
*/
initializeEventListeners() {
this.addDSDataButton.addEventListener('click', this.handleAddFormClick);
const editButtons = document.querySelectorAll('.dsdata-edit');
editButtons.forEach(editButton => {
editButton.addEventListener('click', this.handleEditClick);
});
const cancelButtons = document.querySelectorAll('.dsdata-cancel');
cancelButtons.forEach(cancelButton => {
cancelButton.addEventListener('click', this.handleCancelClick);
});
const cancelAddFormButtons = document.querySelectorAll('.dsdata-cancel-add-form');
cancelAddFormButtons.forEach(cancelAddFormButton => {
cancelAddFormButton.addEventListener('click', this.handleCancelAddFormClick);
});
const deleteButtons = document.querySelectorAll('.dsdata-delete');
deleteButtons.forEach(deleteButton => {
deleteButton.addEventListener('click', this.handleDeleteClick);
});
const deleteKebabButtons = document.querySelectorAll('.dsdata-delete-kebab');
deleteKebabButtons.forEach(deleteKebabButton => {
deleteKebabButton.addEventListener('click', this.handleDeleteKebabClick);
});
const inputs = document.querySelectorAll("input[type='text'], textarea");
inputs.forEach(input => {
input.addEventListener("input", () => {
this.formChanged = true;
});
});
const selects = document.querySelectorAll("select");
selects.forEach(select => {
select.addEventListener("change", () => {
this.formChanged = true;
});
});
// Set event listeners on the submit buttons for the modals. Event listeners
// should execute the callback function, which has its logic updated prior
// to modal display
const unsaved_changes_modal = document.getElementById('unsaved-changes-modal');
if (unsaved_changes_modal) {
const submitButton = document.getElementById('unsaved-changes-click-button');
const closeButton = unsaved_changes_modal.querySelector('.usa-modal__close');
submitButton.addEventListener('click', () => {
closeButton.click();
this.executeCallback();
});
}
const cancel_changes_modal = document.getElementById('cancel-changes-modal');
if (cancel_changes_modal) {
const submitButton = document.getElementById('cancel-changes-click-button');
const closeButton = cancel_changes_modal.querySelector('.usa-modal__close');
submitButton.addEventListener('click', () => {
closeButton.click();
this.executeCallback();
});
}
const delete_modal = document.getElementById('delete-modal');
if (delete_modal) {
const submitButton = document.getElementById('delete-click-button');
const closeButton = delete_modal.querySelector('.usa-modal__close');
submitButton.addEventListener('click', () => {
closeButton.click();
this.executeCallback();
});
}
const disable_dnssec_modal = document.getElementById('disable-dnssec-modal');
if (disable_dnssec_modal) {
const submitButton = document.getElementById('disable-dnssec-click-button');
const closeButton = disable_dnssec_modal.querySelector('.usa-modal__close');
submitButton.addEventListener('click', () => {
closeButton.click();
this.executeCallback();
});
}
}
/**
* Executes a stored callback function if defined, otherwise logs a warning.
*/
executeCallback() {
if (this.callback) {
this.callback();
this.callback = null;
} else {
console.warn("No callback function set.");
}
}
/**
* Handles clicking the 'Add DS data' button, showing the form if needed.
* @param {Event} event - Click event
*/
handleAddFormClick(event) {
this.callback = () => {
// Check if any other edit row is currently visible and hide it
document.querySelectorAll('tr.edit-row:not(.display-none)').forEach(openEditRow => {
this.resetEditRowAndFormAndCollapseEditRow(openEditRow);
});
if (this.addDSDataForm) {
// Check if this.addDSDataForm is visible (i.e., does not have 'display-none')
if (!this.addDSDataForm.classList.contains('display-none')) {
this.resetAddDSDataForm();
}
// show add ds data form
showElement(this.addDSDataForm);
// focus on key tag in the form
let keyTagInput = this.addDSDataForm.querySelector('input[name$="-key_tag"]');
if (keyTagInput) {
keyTagInput.focus();
}
} else {
this.addAlert("error", "Youve reached the maximum amount of DS Data records (8). To add another record, youll need to delete one of your saved records.");
}
};
if (this.formChanged) {
//------- Show the unsaved changes confirmation modal
let modalTrigger = document.querySelector("#unsaved_changes_trigger");
if (modalTrigger) {
modalTrigger.click();
}
} else {
this.executeCallback();
}
}
/**
* Handles clicking an 'Edit' button on a readonly row, which hides the readonly row
* and displays the edit row, after performing some checks and possibly displaying modal.
* @param {Event} event - Click event
*/
handleEditClick(event) {
let editButton = event.target;
let readOnlyRow = editButton.closest('tr'); // Find the closest row
let editRow = readOnlyRow.nextElementSibling; // Get the next row
if (!editRow || !readOnlyRow) {
console.warn("Expected DOM element but did not find it");
return;
}
this.callback = () => {
// Check if any other edit row is currently visible and hide it
document.querySelectorAll('tr.edit-row:not(.display-none)').forEach(openEditRow => {
this.resetEditRowAndFormAndCollapseEditRow(openEditRow);
});
// Check if this.addDSDataForm is visible (i.e., does not have 'display-none')
if (this.addDSDataForm && !this.addDSDataForm.classList.contains('display-none')) {
this.resetAddDSDataForm();
}
// hide and show rows as appropriate
hideElement(readOnlyRow);
showElement(editRow);
};
if (this.formChanged) {
//------- Show the unsaved changes confirmation modal
let modalTrigger = document.querySelector("#unsaved_changes_trigger");
if (modalTrigger) {
modalTrigger.click();
}
} else {
this.executeCallback();
}
}
/**
* Handles clicking a 'Delete' button on an edit row, which hattempts to delete the DS record
* after displaying modal.
* @param {Event} event - Click event
*/
handleDeleteClick(event) {
let deleteButton = event.target;
let editRow = deleteButton.closest('tr');
if (!editRow) {
console.warn("Expected DOM element but did not find it");
return;
}
this.deleteRow(editRow);
}
/**
* Handles clicking a 'Delete' button on a readonly row in a kebab, which attempts to delete the DS record
* after displaying modal.
* @param {Event} event - Click event
*/
handleDeleteKebabClick(event) {
let deleteKebabButton = event.target;
let accordionDiv = deleteKebabButton.closest('div');
// hide the accordion
accordionDiv.hidden = true;
let readOnlyRow = deleteKebabButton.closest('tr'); // Find the closest row
let editRow = readOnlyRow.nextElementSibling; // Get the next row
if (!editRow) {
console.warn("Expected DOM element but did not find it");
return;
}
this.deleteRow(editRow);
}
/**
* Deletes a DS record row. If there is only one DS record, prompt the user
* that they will be disabling DNSSEC. Otherwise, prompt with delete confiration.
* If deletion proceeds, the input fields are cleared, and the form is submitted.
* @param {HTMLElement} editRow - The row corresponding to the DS record being deleted.
*/
deleteRow(editRow) {
// update the callback method
this.callback = () => {
hideElement(editRow);
let deleteInput = editRow.querySelector("input[name$='-DELETE']");
if (deleteInput) {
deleteInput.checked = true;
}
document.querySelector("form").submit();
};
// Check if at least 2 DS data records exist before the delete row action is taken
const thirdDSData = document.getElementById('id_form-2-key_tag')
if (thirdDSData) {
let modalTrigger = document.querySelector('#delete_trigger');
if (modalTrigger) {
modalTrigger.click();
}
} else {
let modalTrigger = document.querySelector('#disable_dnssec_trigger');
if (modalTrigger) {
modalTrigger.click();
}
}
}
/**
* Handles the click event on the "Cancel" button in the add DS data form.
* Resets the form fields and hides the add form section.
* @param {Event} event - Click event
*/
handleCancelAddFormClick(event) {
this.callback = () => {
this.resetAddDSDataForm();
}
if (this.formChanged) {
// Show the cancel changes confirmation modal
let modalTrigger = document.querySelector("#cancel_changes_trigger");
if (modalTrigger) {
modalTrigger.click();
}
} else {
this.executeCallback();
}
}
/**
* Handles the click event for the cancel button within the table form.
*
* This method identifies the edit row containing the cancel button and resets
* it to its initial state, restoring the corresponding read-only row.
*
* @param {Event} event - the click event triggered by the cancel button
*/
handleCancelClick(event) {
// get the cancel button that was clicked
let cancelButton = event.target;
// find the closest table row that contains the cancel button
let editRow = cancelButton.closest('tr');
this.callback = () => {
if (editRow) {
this.resetEditRowAndFormAndCollapseEditRow(editRow);
} else {
console.warn("Expected DOM element but did not find it");
}
}
if (this.formChanged) {
// Show the cancel changes confirmation modal
let modalTrigger = document.querySelector("#cancel_changes_trigger");
if (modalTrigger) {
modalTrigger.click();
}
} else {
this.executeCallback();
}
}
/**
* Resets the edit row, restores its original values, removes validation errors,
* and collapses the edit row while making the readonly row visible again.
* @param {HTMLElement} editRow - The row that is being reset and collapsed.
*/
resetEditRowAndFormAndCollapseEditRow(editRow) {
let readOnlyRow = editRow.previousElementSibling; // Get the next row
if (!editRow || !readOnlyRow) {
console.warn("Expected DOM element but did not find it");
return;
}
// reset the values set in editRow
this.resetInputValuesInElement(editRow);
// copy values from editRow to readOnlyRow
this.copyEditRowToReadonlyRow(editRow, readOnlyRow);
// remove errors from the editRow
removeErrorsFromElement(editRow);
// remove errors from the entire form
removeFormErrors();
// reset formChanged
this.resetFormChanged();
// hide and show rows as appropriate
hideElement(editRow);
showElement(readOnlyRow);
}
/**
* Resets the 'Add DS data' form by clearing its input fields, removing errors,
* and hiding the form to return it to its initial state.
*/
resetAddDSDataForm() {
if (this.addDSDataForm) {
// reset the values set in addDSDataForm
this.resetInputValuesInElement(this.addDSDataForm);
// remove errors from the addDSDataForm
removeErrorsFromElement(this.addDSDataForm);
// remove errors from the entire form
removeFormErrors();
// reset formChanged
this.resetFormChanged();
// hide the addDSDataForm
hideElement(this.addDSDataForm);
}
}
/**
* Resets all text input fields within the specified DOM element to their initial values.
* Triggers an 'input' event to ensure any event listeners update accordingly.
* @param {HTMLElement} domElement - The parent element containing text input fields to be reset.
*/
resetInputValuesInElement(domElement) {
const inputEvent = new Event('input');
const changeEvent = new Event('change');
// Reset text inputs
const inputs = document.querySelectorAll("input[type='text'], textarea");
inputs.forEach(input => {
// Reset input value to its initial stored value
input.value = input.dataset.initialValue;
// Dispatch input event to update any event-driven changes
input.dispatchEvent(inputEvent);
});
// Reset select elements
let selects = domElement.querySelectorAll("select");
selects.forEach(select => {
// Reset select value to its initial stored value
select.value = select.dataset.initialValue;
// Dispatch change event to update any event-driven changes
select.dispatchEvent(changeEvent);
});
}
/**
* Copies values from the editable row's text inputs into the corresponding
* readonly row cells, formatting them appropriately.
* @param {HTMLElement} editRow - The row containing editable input fields.
* @param {HTMLElement} readOnlyRow - The row where values will be displayed in a non-editable format.
*/
copyEditRowToReadonlyRow(editRow, readOnlyRow) {
let keyTagInput = editRow.querySelector("input[type='text']");
let selects = editRow.querySelectorAll("select");
let digestInput = editRow.querySelector("textarea");
let tds = readOnlyRow.querySelectorAll("td");
// Copy the key tag input value
if (keyTagInput) {
tds[0].innerText = keyTagInput.value || "";
}
// Copy select values (showing the selected label instead of value)
if (selects[0]) {
let selectedOption = selects[0].options[selects[0].selectedIndex];
if (tds[1]) {
tds[1].innerHTML = `<span class="ellipsis ellipsis--15">${selectedOption ? selectedOption.text : ""}</span>`;
}
}
if (selects[1]) {
let selectedOption = selects[1].options[selects[1].selectedIndex];
if (tds[2]) {
tds[2].innerText = selectedOption ? selectedOption.text : "";
}
}
// Copy the digest input value
if (digestInput) {
tds[3].innerHTML = `<span class="ellipsis ellipsis--23">${digestInput.value || ""}</span>`;
}
}
/**
* Resets the form change state.
* This method marks the form as unchanged by setting `formChanged` to false.
* It is useful for tracking whether a user has modified any form fields.
*/
resetFormChanged() {
this.formChanged = false;
}
/**
* Removes all existing alert messages from the main content area.
* This ensures that only the latest alert is displayed to the user.
*/
resetAlerts() {
const mainContent = document.getElementById("main-content");
if (mainContent) {
// Remove all alert elements within the main content area
mainContent.querySelectorAll(".usa-alert:not(.usa-alert--do-not-reset)").forEach(alert => alert.remove());
} else {
console.warn("Expecting main-content DOM element");
}
}
/**
* Displays an alert message at the top of the main content area.
* It first removes any existing alerts before adding a new one to ensure only the latest alert is visible.
* @param {string} level - The alert level (e.g., 'error', 'success', 'warning', 'info').
* @param {string} message - The message to display inside the alert.
*/
addAlert(level, message) {
this.resetAlerts(); // Remove any existing alerts before adding a new one
const mainContent = document.getElementById("main-content");
if (!mainContent) return;
// Create a new alert div with appropriate classes based on alert level
const alertDiv = document.createElement("div");
alertDiv.className = `usa-alert usa-alert--${level} usa-alert--slim margin-bottom-2`;
alertDiv.setAttribute("role", "alert"); // Add the role attribute
// Create the alert body to hold the message text
const alertBody = document.createElement("div");
alertBody.className = "usa-alert__body";
alertBody.textContent = message;
// Append the alert body to the alert div and insert it at the top of the main content area
alertDiv.appendChild(alertBody);
mainContent.insertBefore(alertDiv, mainContent.firstChild);
// Scroll the page to make the alert visible to the user
scrollToElement("class", "usa-alert__body");
}
}
/**
* Initializes the DSDataForm when the DOM is fully loaded.
*/
export function initFormDSData() {
document.addEventListener('DOMContentLoaded', () => {
if (document.getElementById('dsdata-add-button')) {
const dsDataForm = new DSDataForm();
dsDataForm.init();
}
});
}

10
src/registrar/assets/src/js/getgov/form-helpers.js
View file

@ -38,6 +38,16 @@ export function removeErrorsFromElement(domElement) {
domElement.querySelectorAll("input.usa-input--error").forEach(input => { domElement.querySelectorAll("input.usa-input--error").forEach(input => {
input.classList.remove("usa-input--error"); input.classList.remove("usa-input--error");
}); });
// Remove the 'usa-input--error' class from all select elements
domElement.querySelectorAll("select.usa-input--error").forEach(select => {
select.classList.remove("usa-input--error");
});
// Remove the 'usa-input--error' class from all textarea elements
domElement.querySelectorAll("textarea.usa-input--error").forEach(textarea => {
textarea.classList.remove("usa-input--error");
});
} }
/** /**

39
src/registrar/assets/src/js/getgov/form-nameservers.js
View file

@ -176,6 +176,15 @@ export class NameserverForm {
this.executeCallback(); this.executeCallback();
}); });
} }
const cancel_changes_modal = document.getElementById('cancel-changes-modal');
if (cancel_changes_modal) {
const submitButton = document.getElementById('cancel-changes-click-button');
const closeButton = cancel_changes_modal.querySelector('.usa-modal__close');
submitButton.addEventListener('click', () => {
closeButton.click();
this.executeCallback();
});
}
const delete_modal = document.getElementById('delete-modal'); const delete_modal = document.getElementById('delete-modal');
if (delete_modal) { if (delete_modal) {
const submitButton = document.getElementById('delete-click-button'); const submitButton = document.getElementById('delete-click-button');
@ -338,7 +347,18 @@ export class NameserverForm {
* @param {Event} event - Click event * @param {Event} event - Click event
*/ */
handleCancelAddFormClick(event) { handleCancelAddFormClick(event) {
this.resetAddNameserversForm(); this.callback = () => {
this.resetAddNameserversForm();
}
if (this.formChanged) {
// Show the cancel changes confirmation modal
let modalTrigger = document.querySelector("#cancel_changes_trigger");
if (modalTrigger) {
modalTrigger.click();
}
} else {
this.executeCallback();
}
} }
/** /**
@ -354,10 +374,21 @@ export class NameserverForm {
let cancelButton = event.target; let cancelButton = event.target;
// find the closest table row that contains the cancel button // find the closest table row that contains the cancel button
let editRow = cancelButton.closest('tr'); let editRow = cancelButton.closest('tr');
if (editRow) { this.callback = () => {
this.resetEditRowAndFormAndCollapseEditRow(editRow); if (editRow) {
this.resetEditRowAndFormAndCollapseEditRow(editRow);
} else {
console.warn("Expected DOM element but did not find it");
}
}
if (this.formChanged) {
// Show the cancel changes confirmation modal
let modalTrigger = document.querySelector("#cancel_changes_trigger");
if (modalTrigger) {
modalTrigger.click();
}
} else { } else {
console.warn("Expected DOM element but did not find it"); this.executeCallback();
} }
} }

36
src/registrar/assets/src/js/getgov/formset-forms.js
View file

@ -84,7 +84,7 @@ function markForm(e, formLabel){
} }
/** /**
* Prepare the namerservers, DS data and Other Contacts formsets' delete button * Prepare the Other Contacts formsets' delete button
* for the last added form. We call this from the Add function * for the last added form. We call this from the Add function
* *
*/ */
@ -108,7 +108,7 @@ function prepareNewDeleteButton(btn, formLabel) {
} }
/** /**
* Prepare the namerservers, DS data and Other Contacts formsets' delete buttons * Prepare the Other Contacts formsets' delete buttons
* We will call this on the forms init * We will call this on the forms init
* *
*/ */
@ -172,16 +172,11 @@ export function initFormsetsForms() {
let cloneIndex = 0; let cloneIndex = 0;
let formLabel = ''; let formLabel = '';
let isOtherContactsForm = document.querySelector(".other-contacts-form"); let isOtherContactsForm = document.querySelector(".other-contacts-form");
let isDsDataForm = document.querySelector(".ds-data-form");
let isDotgovDomain = document.querySelector(".dotgov-domain-form"); let isDotgovDomain = document.querySelector(".dotgov-domain-form");
if( !(isOtherContactsForm || isDotgovDomain || isDsDataForm) ){ if( !(isOtherContactsForm || isDotgovDomain) ){
return return
} }
// DNSSEC: DS Data if (isOtherContactsForm) {
if (isDsDataForm) {
formLabel = "DS data record";
// The Other Contacts form
} else if (isOtherContactsForm) {
formLabel = "Organization contact"; formLabel = "Organization contact";
container = document.querySelector("#other-employees"); container = document.querySelector("#other-employees");
formIdentifier = "other_contacts" formIdentifier = "other_contacts"
@ -287,26 +282,3 @@ export function initFormsetsForms() {
prepareNewDeleteButton(newDeleteButton, formLabel); prepareNewDeleteButton(newDeleteButton, formLabel);
} }
} }
export function triggerModalOnDsDataForm() {
let saveButon = document.querySelector("#save-ds-data");
// The view context will cause a hitherto hidden modal trigger to
// show up. On save, we'll test for that modal trigger appearing. We'll
// run that test once every 100 ms for 5 secs, which should balance performance
// while accounting for network or lag issues.
if (saveButon) {
let i = 0;
var tryToTriggerModal = setInterval(function() {
i++;
if (i > 100) {
clearInterval(tryToTriggerModal);
}
let modalTrigger = document.querySelector("#ds-toggle-dnssec-alert");
if (modalTrigger) {
modalTrigger.click()
clearInterval(tryToTriggerModal);
}
}, 50);
}
}

12
src/registrar/assets/src/js/getgov/main.js
View file

@ -1,7 +1,8 @@
import { hookupYesNoListener, hookupCallbacksToRadioToggler } from './radios.js'; import { hookupYesNoListener, hookupCallbacksToRadioToggler } from './radios.js';
import { initDomainValidators } from './domain-validators.js'; import { initDomainValidators } from './domain-validators.js';
import { initFormsetsForms, triggerModalOnDsDataForm } from './formset-forms.js'; import { initFormsetsForms } from './formset-forms.js';
import { initFormNameservers } from './form-nameservers' import { initFormNameservers } from './form-nameservers';
import { initFormDSData } from './form-dsdata.js';
import { initializeUrbanizationToggle } from './urbanization.js'; import { initializeUrbanizationToggle } from './urbanization.js';
import { userProfileListener, finishUserSetupListener } from './user-profile.js'; import { userProfileListener, finishUserSetupListener } from './user-profile.js';
import { handleRequestingEntityFieldset } from './requesting-entity.js'; import { handleRequestingEntityFieldset } from './requesting-entity.js';
@ -13,7 +14,6 @@ import { initEditMemberDomainsTable } from './table-edit-member-domains.js';
import { initPortfolioNewMemberPageToggle, initAddNewMemberPageListeners, initPortfolioMemberPageRadio } from './portfolio-member-page.js'; import { initPortfolioNewMemberPageToggle, initAddNewMemberPageListeners, initPortfolioMemberPageRadio } from './portfolio-member-page.js';
import { initDomainRequestForm } from './domain-request-form.js'; import { initDomainRequestForm } from './domain-request-form.js';
import { initDomainManagersPage } from './domain-managers.js'; import { initDomainManagersPage } from './domain-managers.js';
import { initDomainDSData } from './domain-dsdata.js';
import { initDomainDNSSEC } from './domain-dnssec.js'; import { initDomainDNSSEC } from './domain-dnssec.js';
import { initFormErrorHandling } from './form-errors.js'; import { initFormErrorHandling } from './form-errors.js';
import { domain_purpose_choice_callbacks } from './domain-purpose-form.js'; import { domain_purpose_choice_callbacks } from './domain-purpose-form.js';
@ -22,12 +22,14 @@ import { initButtonLinks } from '../getgov-admin/button-utils.js';
initDomainValidators(); initDomainValidators();
initFormsetsForms(); initFormsetsForms();
triggerModalOnDsDataForm();
initFormNameservers(); initFormNameservers();
initFormDSData();
hookupYesNoListener("other_contacts-has_other_contacts",'other-employees', 'no-other-employees'); hookupYesNoListener("other_contacts-has_other_contacts",'other-employees', 'no-other-employees');
hookupYesNoListener("additional_details-has_anything_else_text",'anything-else', null); hookupYesNoListener("additional_details-has_anything_else_text",'anything-else', null);
hookupYesNoListener("additional_details-has_cisa_representative",'cisa-representative', null); hookupYesNoListener("additional_details-has_cisa_representative",'cisa-representative', null);
hookupYesNoListener("portfolio_additional_details-working_with_eop", "eop-contact-container", null);
hookupYesNoListener("portfolio_additional_details-has_anything_else_text", 'anything-else-details-container', null);
hookupYesNoListener("dotgov_domain-feb_naming_requirements", null, "domain-naming-requirements-details-container"); hookupYesNoListener("dotgov_domain-feb_naming_requirements", null, "domain-naming-requirements-details-container");
hookupCallbacksToRadioToggler("purpose-feb_purpose_choice", domain_purpose_choice_callbacks); hookupCallbacksToRadioToggler("purpose-feb_purpose_choice", domain_purpose_choice_callbacks);
@ -35,7 +37,6 @@ hookupCallbacksToRadioToggler("purpose-feb_purpose_choice", domain_purpose_choic
hookupYesNoListener("purpose-has_timeframe", "purpose-timeframe-details-container", null); hookupYesNoListener("purpose-has_timeframe", "purpose-timeframe-details-container", null);
hookupYesNoListener("purpose-is_interagency_initiative", "purpose-interagency-initaitive-details-container", null); hookupYesNoListener("purpose-is_interagency_initiative", "purpose-interagency-initaitive-details-container", null);
initializeUrbanizationToggle(); initializeUrbanizationToggle();
userProfileListener(); userProfileListener();
@ -51,7 +52,6 @@ initEditMemberDomainsTable();
initDomainRequestForm(); initDomainRequestForm();
initDomainManagersPage(); initDomainManagersPage();
initDomainDSData();
initDomainDNSSEC(); initDomainDNSSEC();
initFormErrorHandling(); initFormErrorHandling();

2
src/registrar/assets/src/js/getgov/table-base.js
View file

@ -103,7 +103,7 @@ export function generateKebabHTML(action, unique_id, modal_button_text, screen_r
<div class="usa-accordion__heading"> <div class="usa-accordion__heading">
<button <button
type="button" type="button"
class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions" class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-2px"
aria-expanded="false" aria-expanded="false"
aria-controls="more-actions-${unique_id}" aria-controls="more-actions-${unique_id}"
aria-label="${screen_reader_text}" aria-label="${screen_reader_text}"

4
src/registrar/assets/src/js/getgov/table-domain-requests.js
View file

@ -74,7 +74,7 @@ export class DomainRequestsTable extends BaseTable {
if (this.portfolioValue) { if (this.portfolioValue) {
markupCreatorRow = ` markupCreatorRow = `
<td> <td data-label="Created by">
<span class="text-wrap break-word">${request.creator ? request.creator : ''}</span> <span class="text-wrap break-word">${request.creator ? request.creator : ''}</span>
</td> </td>
` `
@ -117,7 +117,7 @@ export class DomainRequestsTable extends BaseTable {
<td data-label="Status"> <td data-label="Status">
${request.status} ${request.status}
</td> </td>
<td class="width--action-column"> <td data-label="Action" class="width--action-column">
<div class="tablet:display-flex tablet:flex-row"> <div class="tablet:display-flex tablet:flex-row">
<a href="${actionUrl}" ${customTableOptions.hasAdditionalActions ? "class='margin-right-2'" : ''}> <a href="${actionUrl}" ${customTableOptions.hasAdditionalActions ? "class='margin-right-2'" : ''}>
<svg class="usa-icon top-1px" aria-hidden="true" focusable="false" role="img" width="24"> <svg class="usa-icon top-1px" aria-hidden="true" focusable="false" role="img" width="24">

4
src/registrar/assets/src/js/getgov/table-domains.js
View file

@ -27,7 +27,7 @@ export class DomainsTable extends BaseTable {
if (this.portfolioValue) { if (this.portfolioValue) {
markupForSuborganizationRow = ` markupForSuborganizationRow = `
<td> <td data-label="Suborganization">
<span class="text-wrap" aria-label="${domain.suborganization ? suborganization : 'No suborganization'}">${suborganization}</span> <span class="text-wrap" aria-label="${domain.suborganization ? suborganization : 'No suborganization'}">${suborganization}</span>
</td> </td>
` `
@ -56,7 +56,7 @@ export class DomainsTable extends BaseTable {
</svg> </svg>
</td> </td>
${markupForSuborganizationRow} ${markupForSuborganizationRow}
<td class="width--action-column"> <td data-label="Action" class="width--action-column">
<div class="tablet:display-flex tablet:flex-row flex-align-center margin-right-2"> <div class="tablet:display-flex tablet:flex-row flex-align-center margin-right-2">
<a href="${actionUrl}"> <a href="${actionUrl}">
<svg class="usa-icon top-1px" aria-hidden="true" focusable="false" role="img" width="24"> <svg class="usa-icon top-1px" aria-hidden="true" focusable="false" role="img" width="24">

2
src/registrar/assets/src/js/getgov/table-members.js
View file

@ -116,7 +116,7 @@ export class MembersTable extends BaseTable {
<td class="padding-bottom-0" headers="header-last-active row-header-${unique_id}" data-sort-value="${last_active.sort_value}" data-label="Last active"> <td class="padding-bottom-0" headers="header-last-active row-header-${unique_id}" data-sort-value="${last_active.sort_value}" data-label="Last active">
${last_active.display_value} ${last_active.display_value}
</td> </td>
<td class="padding-bottom-0" headers="header-action row-header-${unique_id}" class="width--action-column"> <td data-label="Action" class="padding-bottom-0" headers="header-action row-header-${unique_id}" class="width--action-column">
<div class="tablet:display-flex tablet:flex-row flex-align-center"> <div class="tablet:display-flex tablet:flex-row flex-align-center">
<a href="${member.action_url}" ${customTableOptions.hasAdditionalActions ? "class='margin-right-2'" : ''}> <a href="${member.action_url}" ${customTableOptions.hasAdditionalActions ? "class='margin-right-2'" : ''}>
<svg class="usa-icon top-1px" aria-hidden="true" focusable="false" role="img" width="24"> <svg class="usa-icon top-1px" aria-hidden="true" focusable="false" role="img" width="24">

8
src/registrar/assets/src/sass/_theme/_accordions.scss
View file

@ -39,6 +39,9 @@
.margin-top-0 { .margin-top-0 {
margin-top: 0 !important; margin-top: 0 !important;
} }
.margin-top-2px {
margin-top: 2px !important;
}
} }
// This will work in responsive tables if we overwrite the overflow value on the table container // This will work in responsive tables if we overwrite the overflow value on the table container
@ -67,10 +70,11 @@
// Currently, that's not an issue since that Members table is not wrapped in the // Currently, that's not an issue since that Members table is not wrapped in the
// reponsive wrapper. // reponsive wrapper.
@include at-media-max("desktop") { @include at-media-max("desktop") {
tr:last-of-type .usa-accordion--more-actions .usa-accordion__content { tr:last-of-type .usa-accordion--more-actions .usa-accordion__content,
tr.view-only-row:nth-last-of-type(2) .usa-accordion--more-actions .usa-accordion__content {
top: auto; top: auto;
bottom: -10px; bottom: -10px;
right: 30px; right: 20px;
} }
} }

8
src/registrar/assets/src/sass/_theme/_base.scss
View file

@ -79,6 +79,10 @@ body {
} }
} }
.section-outlined--extra-padding {
padding: units(2) units(3) units(3);
}
.section-outlined--border-base-light { .section-outlined--border-base-light {
border: 1px solid color('base-light'); border: 1px solid color('base-light');
} }
@ -217,6 +221,10 @@ abbr[title] {
max-width: 23ch; max-width: 23ch;
} }
.ellipsis--15 {
max-width: 15ch;
}
.vertical-align-middle { .vertical-align-middle {
vertical-align: middle; vertical-align: middle;
} }

9
src/registrar/assets/src/sass/_theme/_containers.scss
View file

@ -15,6 +15,11 @@
padding-left: $widescreen-x-padding !important; padding-left: $widescreen-x-padding !important;
padding-right: $widescreen-x-padding !important; padding-right: $widescreen-x-padding !important;
} }
// Accomodate sideanv + table layouts
.grid-col--sidenav {
max-width: 230px;
}
} }
// matches max-width to equal the max-width of .grid-container // matches max-width to equal the max-width of .grid-container
@ -22,5 +27,5 @@
// regular grid-container within a widescreen (see instances // regular grid-container within a widescreen (see instances
// where is_widescreen_centered is used in the html). // where is_widescreen_centered is used in the html).
.max-width--grid-container { .max-width--grid-container {
max-width: 960px; max-width: 1024px;
} }

11
src/registrar/assets/src/sass/_theme/_forms.scss
View file

@ -79,3 +79,14 @@ legend.float-left-tablet + button.float-right-tablet {
.bg-gray-1 .usa-radio { .bg-gray-1 .usa-radio {
background: color('gray-1'); background: color('gray-1');
} }
.usa-textarea--digest {
max-height: 4rem;
min-width: 13rem;
resize: none;
overflow: hidden;
}
.usa-form .usa-button.margin-top-2 {
margin-top: units(2) !important;
}

12
src/registrar/assets/src/sass/_theme/_tables.scss
View file

@ -142,6 +142,14 @@ th {
} }
} }
.dotgov-table--cell-padding-2-2-2-0 {
@include at-media(mobile-lg) {
td, th {
padding: units(2) units(2) units(2) 0;
}
}
}
.usa-table--striped tbody tr:nth-child(odd) th, .usa-table--striped tbody tr:nth-child(odd) th,
.usa-table--striped tbody tr:nth-child(odd) td { .usa-table--striped tbody tr:nth-child(odd) td {
background-color: color('primary-lightest'); background-color: color('primary-lightest');
@ -165,4 +173,8 @@ th {
.usa-table-container--scrollable.usa-table-container--override-overflow { .usa-table-container--scrollable.usa-table-container--override-overflow {
overflow-y: visible; overflow-y: visible;
} }
.usa-table-container--override-scrollable td {
white-space: normal;
}
} }

2
src/registrar/config/settings.py
View file

@ -203,6 +203,8 @@ MIDDLEWARE = [
"registrar.registrar_middleware.CheckPortfolioMiddleware", "registrar.registrar_middleware.CheckPortfolioMiddleware",
# Restrict access using Opt-Out approach # Restrict access using Opt-Out approach
"registrar.registrar_middleware.RestrictAccessMiddleware", "registrar.registrar_middleware.RestrictAccessMiddleware",
# Our own router logs that included user info to speed up log tracing time on stable
"registrar.registrar_middleware.RequestLoggingMiddleware",
] ]
# application object used by Django's built-in servers (e.g. `runserver`) # application object used by Django's built-in servers (e.g. `runserver`)

6
src/registrar/decorators.py
View file

@ -12,6 +12,9 @@ logger = logging.getLogger(__name__)
# Constants for clarity # Constants for clarity
ALL = "all" ALL = "all"
IS_STAFF = "is_staff" IS_STAFF = "is_staff"
IS_CISA_ANALYST = "is_cisa_analyst"
IS_OMB_ANALYST = "is_omb_analyst"
IS_FULL_ACCESS = "is_full_access"
IS_DOMAIN_MANAGER = "is_domain_manager" IS_DOMAIN_MANAGER = "is_domain_manager"
IS_DOMAIN_REQUEST_CREATOR = "is_domain_request_creator" IS_DOMAIN_REQUEST_CREATOR = "is_domain_request_creator"
IS_STAFF_MANAGING_DOMAIN = "is_staff_managing_domain" IS_STAFF_MANAGING_DOMAIN = "is_staff_managing_domain"
@ -108,6 +111,9 @@ def _user_has_permission(user, request, rules, **kwargs):
# Define permission checks # Define permission checks
permission_checks = [ permission_checks = [
(IS_STAFF, lambda: user.is_staff), (IS_STAFF, lambda: user.is_staff),
(IS_CISA_ANALYST, lambda: user.has_perm("registrar.analyst_access_permission")),
(IS_OMB_ANALYST, lambda: user.groups.filter(name="omb_analysts_group").exists()),
(IS_FULL_ACCESS, lambda: user.has_perm("registrar.full_access_permission")),
( (
IS_DOMAIN_MANAGER, IS_DOMAIN_MANAGER,
lambda: (not user.is_org_user(request) and _is_domain_manager(user, **kwargs)) lambda: (not user.is_org_user(request) and _is_domain_manager(user, **kwargs))

71
src/registrar/forms/domain.py
View file

@ -2,7 +2,7 @@
import logging import logging
from django import forms from django import forms
from django.core.validators import MinValueValidator, MaxValueValidator, RegexValidator, MaxLengthValidator from django.core.validators import RegexValidator, MaxLengthValidator
from django.forms import formset_factory from django.forms import formset_factory
from registrar.forms.utility.combobox import ComboboxWidget from registrar.forms.utility.combobox import ComboboxWidget
from registrar.models import DomainRequest, FederalAgency from registrar.models import DomainRequest, FederalAgency
@ -630,14 +630,10 @@ class DomainDsdataForm(forms.Form):
if not re.match(r"^[0-9a-fA-F]+$", value): if not re.match(r"^[0-9a-fA-F]+$", value):
raise forms.ValidationError(str(DsDataError(code=DsDataErrorCodes.INVALID_DIGEST_CHARS))) raise forms.ValidationError(str(DsDataError(code=DsDataErrorCodes.INVALID_DIGEST_CHARS)))
key_tag = forms.IntegerField( key_tag = forms.CharField(
required=True, required=True,
label="Key tag", label="Key tag",
validators=[ error_messages={"required": "Key tag is required."},
MinValueValidator(0, message=str(DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_SIZE))),
MaxValueValidator(65535, message=str(DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_SIZE))),
],
error_messages={"required": ("Key tag is required.")},
) )
algorithm = forms.TypedChoiceField( algorithm = forms.TypedChoiceField(
@ -663,6 +659,13 @@ class DomainDsdataForm(forms.Form):
error_messages={ error_messages={
"required": "Digest is required.", "required": "Digest is required.",
}, },
widget=forms.Textarea(
attrs={
"maxlength": "64",
"class": "text-wrap usa-textarea--digest",
"hide_character_count": "True",
}
),
) )
def clean(self): def clean(self):
@ -672,6 +675,22 @@ class DomainDsdataForm(forms.Form):
cleaned_data = super().clean() cleaned_data = super().clean()
digest_type = cleaned_data.get("digest_type", 0) digest_type = cleaned_data.get("digest_type", 0)
digest = cleaned_data.get("digest", "") digest = cleaned_data.get("digest", "")
# Convert key_tag to an integer safely
key_tag = cleaned_data.get("key_tag", 0)
try:
key_tag = int(key_tag)
if key_tag < 0 or key_tag > 65535:
self.add_error(
"key_tag",
DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_SIZE),
)
except ValueError:
self.add_error(
"key_tag",
DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_CHARS),
)
# validate length of digest depending on digest_type # validate length of digest depending on digest_type
if digest_type == 1 and len(digest) != 40: if digest_type == 1 and len(digest) != 40:
self.add_error( self.add_error(
@ -686,9 +705,45 @@ class DomainDsdataForm(forms.Form):
return cleaned_data return cleaned_data
class BaseDsdataFormset(forms.BaseFormSet):
def clean(self):
"""Check for duplicate entries in the formset."""
if any(self.errors):
return # Skip duplicate checking if other errors exist
duplicate_errors = self._check_for_duplicates()
if duplicate_errors:
raise forms.ValidationError("Duplicate DS records found. Each DS record must be unique.")
def _check_for_duplicates(self):
"""Check for duplicate entries in the DS data forms"""
seen_ds_records = set()
duplicate_found = False
for form in self.forms:
if form.cleaned_data.get("key_tag") and not form.cleaned_data.get("DELETE", False):
ds_tuple = (
form.cleaned_data["key_tag"],
form.cleaned_data["algorithm"],
form.cleaned_data["digest_type"],
form.cleaned_data["digest"].upper(),
)
if ds_tuple in seen_ds_records:
form.add_error("key_tag", "You already entered this DS record. DS records must be unique.")
duplicate_found = True # Track that we found at least one duplicate
seen_ds_records.add(ds_tuple)
return duplicate_found # Returns True if any duplicates were found
DomainDsdataFormset = formset_factory( DomainDsdataFormset = formset_factory(
DomainDsdataForm, DomainDsdataForm,
extra=0, formset=BaseDsdataFormset,
extra=1,
max_num=8,
can_delete=True, can_delete=True,
) )

5
src/registrar/forms/domain_request_wizard.py
View file

@ -86,7 +86,6 @@ class RequestingEntityForm(RegistrarForm):
return {} return {}
# get the domain request as a dict, per usual method # get the domain request as a dict, per usual method
domain_request_dict = {name: getattr(obj, name) for name in cls.declared_fields.keys()} # type: ignore domain_request_dict = {name: getattr(obj, name) for name in cls.declared_fields.keys()} # type: ignore
# set sub_organization to 'other' if is_requesting_new_suborganization is True # set sub_organization to 'other' if is_requesting_new_suborganization is True
if isinstance(obj, DomainRequest) and obj.is_requesting_new_suborganization(): if isinstance(obj, DomainRequest) and obj.is_requesting_new_suborganization():
domain_request_dict["sub_organization"] = "other" domain_request_dict["sub_organization"] = "other"
@ -616,7 +615,8 @@ class PurposeDetailsForm(BaseDeletableRegistrarForm):
label="Purpose", label="Purpose",
widget=forms.Textarea( widget=forms.Textarea(
attrs={ attrs={
"aria-label": "What is the purpose of your requested domain? Describe how youll use your .gov domain. \ "aria-label": "What is the purpose of your requested domain? \
Describe how youll use your .gov domain. \
Will it be used for a website, email, or something else?" Will it be used for a website, email, or something else?"
} }
), ),
@ -922,6 +922,7 @@ class AnythingElseYesNoForm(BaseYesNoForm):
class RequirementsForm(RegistrarForm): class RequirementsForm(RegistrarForm):
is_policy_acknowledged = forms.BooleanField( is_policy_acknowledged = forms.BooleanField(
label="I read and agree to the requirements for operating a .gov domain.", label="I read and agree to the requirements for operating a .gov domain.",
error_messages={ error_messages={

80
src/registrar/forms/feb.py
View file

@ -121,3 +121,83 @@ class FEBInteragencyInitiativeDetailsForm(BaseDeletableRegistrarForm):
], ],
error_messages={"required": "Name the agencies that will be involved in this initiative."}, error_messages={"required": "Name the agencies that will be involved in this initiative."},
) )
class WorkingWithEOPYesNoForm(BaseDeletableRegistrarForm, BaseYesNoForm):
"""
Form for determining if the Federal Executive Branch (FEB) agency is working with the
Executive Office of the President (EOP) on the domain request.
"""
field_name = "working_with_eop"
@property
def form_is_checked(self):
"""
Determines the initial checked state of the form based on the domain_request's attributes.
"""
return self.domain_request.working_with_eop
class EOPContactForm(BaseDeletableRegistrarForm):
"""
Form for contact information of the representative of the
Executive Office of the President (EOP) that the Federal
Executive Branch (FEB) agency is working with.
"""
first_name = forms.CharField(
label="First name / given name",
error_messages={"required": "Enter the first name / given name of this contact."},
required=True,
)
last_name = forms.CharField(
label="Last name / family name",
error_messages={"required": "Enter the last name / family name of this contact."},
required=True,
)
email = forms.EmailField(
label="Email",
max_length=None,
error_messages={
"required": ("Enter an email address in the required format, like name@example.com."),
"invalid": ("Enter an email address in the required format, like name@example.com."),
},
validators=[
MaxLengthValidator(
320,
message="Response must be less than 320 characters.",
)
],
required=True,
help_text="Enter an email address in the required format, like name@example.com.",
)
@classmethod
def from_database(cls, obj):
return {
"first_name": obj.eop_stakeholder_first_name,
"last_name": obj.eop_stakeholder_last_name,
"email": obj.eop_stakeholder_email,
}
def to_database(self, obj):
# This function overrides the behavior of the BaseDeletableRegistrarForm.
# in order to preserve deletable functionality, we need to call the
# superclass's to_database method if the form is marked for deletion.
if self.form_data_marked_for_deletion:
super().to_database(obj)
return
if not self.is_valid():
return
obj.eop_stakeholder_first_name = self.cleaned_data["first_name"]
obj.eop_stakeholder_last_name = self.cleaned_data["last_name"]
obj.eop_stakeholder_email = self.cleaned_data["email"]
obj.save()
class FEBAnythingElseYesNoForm(BaseYesNoForm, BaseDeletableRegistrarForm):
"""Yes/no toggle for the anything else question on additional details"""
form_is_checked = property(lambda self: self.domain_request.has_anything_else_text) # type: ignore
field_name = "has_anything_else_text"

10
src/registrar/forms/portfolio.py
View file

@ -22,6 +22,7 @@ from registrar.models.utility.portfolio_helper import (
get_domains_display, get_domains_display,
get_members_description_display, get_members_description_display,
get_members_display, get_members_display,
get_portfolio_invitation_associations,
) )
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -459,7 +460,14 @@ class PortfolioNewMemberForm(BasePortfolioMemberForm):
if hasattr(e, "code"): if hasattr(e, "code"):
field = "email" if "email" in self.fields else None field = "email" if "email" in self.fields else None
if e.code == "has_existing_permissions": if e.code == "has_existing_permissions":
self.add_error(field, f"{self.instance.email} is already a member of another .gov organization.") existing_permissions, existing_invitations = get_portfolio_invitation_associations(self.instance)
same_portfolio_for_permissions = existing_permissions.exclude(portfolio=self.instance.portfolio)
same_portfolio_for_invitations = existing_invitations.exclude(portfolio=self.instance.portfolio)
if same_portfolio_for_permissions.exists() or same_portfolio_for_invitations.exists():
self.add_error(
field, f"{self.instance.email} is already a member of another .gov organization."
)
override_error = True override_error = True
elif e.code == "has_existing_invitations": elif e.code == "has_existing_invitations":
self.add_error( self.add_error(

1
src/registrar/forms/user_profile.py
View file

@ -60,6 +60,7 @@ class UserProfileForm(forms.ModelForm):
self.fields["email"].error_messages = { self.fields["email"].error_messages = {
"required": "Enter an email address in the required format, like name@example.com." "required": "Enter an email address in the required format, like name@example.com."
} }
self.fields["email"].widget.attrs["hide_character_count"] = "True"
self.fields["phone"].error_messages["required"] = "Enter your phone number." self.fields["phone"].error_messages["required"] = "Enter your phone number."
if self.instance and self.instance.phone: if self.instance and self.instance.phone:

38
src/registrar/migrations/0143_create_groups_v18.py Normal file
View file

@ -0,0 +1,38 @@
# This migration creates the create_full_access_group and create_cisa_analyst_group groups
# It is dependent on 0079 (which populates federal agencies)
# If permissions on the groups need changing, edit CISA_ANALYST_GROUP_PERMISSIONS
# in the user_group model then:
# [NOT RECOMMENDED]
# step 1: docker-compose exec app ./manage.py migrate --fake registrar 0035_contenttypes_permissions
# step 2: docker-compose exec app ./manage.py migrate registrar 0036_create_groups
# step 3: fake run the latest migration in the migrations list
# [RECOMMENDED]
# Alternatively:
# step 1: duplicate the migration that loads data
# step 2: docker-compose exec app ./manage.py migrate
from django.db import migrations
from registrar.models import UserGroup
from typing import Any
# For linting: RunPython expects a function reference,
# so let's give it one
def create_groups(apps, schema_editor) -> Any:
UserGroup.create_cisa_analyst_group(apps, schema_editor)
UserGroup.create_omb_analyst_group(apps, schema_editor)
UserGroup.create_full_access_group(apps, schema_editor)
class Migration(migrations.Migration):
dependencies = [
("registrar", "0142_domainrequest_feb_naming_requirements_and_more"),
]
operations = [
migrations.RunPython(
create_groups,
reverse_code=migrations.RunPython.noop,
atomic=True,
),
]

33
src/registrar/migrations/0144_domainrequest_eop_stakeholder_email_and_more.py Normal file
View file

@ -0,0 +1,33 @@
# Generated by Django 4.2.17 on 2025-03-17 20:44
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("registrar", "0143_create_groups_v18"),
]
operations = [
migrations.AddField(
model_name="domainrequest",
name="eop_stakeholder_email",
field=models.EmailField(blank=True, max_length=254, null=True, verbose_name="EOP Stakeholder Email"),
),
migrations.AddField(
model_name="domainrequest",
name="eop_stakeholder_first_name",
field=models.CharField(blank=True, null=True, verbose_name="EOP Stakeholder First Name"),
),
migrations.AddField(
model_name="domainrequest",
name="eop_stakeholder_last_name",
field=models.CharField(blank=True, null=True, verbose_name="EOP Stakeholder Last Name"),
),
migrations.AddField(
model_name="domainrequest",
name="working_with_eop",
field=models.BooleanField(blank=True, null=True),
),
]

65
src/registrar/models/domain.py
View file

@ -662,7 +662,6 @@ class Domain(TimeStampedModel, DomainHelper):
oldDnssecdata = self.dnssecdata oldDnssecdata = self.dnssecdata
addDnssecdata: dict = {} addDnssecdata: dict = {}
remDnssecdata: dict = {} remDnssecdata: dict = {}
if _dnssecdata and _dnssecdata.dsData is not None: if _dnssecdata and _dnssecdata.dsData is not None:
# initialize addDnssecdata and remDnssecdata for dsData # initialize addDnssecdata and remDnssecdata for dsData
addDnssecdata["dsData"] = _dnssecdata.dsData addDnssecdata["dsData"] = _dnssecdata.dsData
@ -713,15 +712,15 @@ class Domain(TimeStampedModel, DomainHelper):
added_record = "dsData" in _addDnssecdata and _addDnssecdata["dsData"] is not None added_record = "dsData" in _addDnssecdata and _addDnssecdata["dsData"] is not None
deleted_record = "dsData" in _remDnssecdata and _remDnssecdata["dsData"] is not None deleted_record = "dsData" in _remDnssecdata and _remDnssecdata["dsData"] is not None
if added_record:
registry.send(addRequest, cleaned=True)
dsdata_change_log = f"{user_email} added a DS data record"
if deleted_record: if deleted_record:
registry.send(remRequest, cleaned=True) registry.send(remRequest, cleaned=True)
dsdata_change_log = f"{user_email} deleted a DS data record"
if added_record:
registry.send(addRequest, cleaned=True)
if dsdata_change_log != "": # if they add and remove a record at same time if dsdata_change_log != "": # if they add and remove a record at same time
dsdata_change_log = f"{user_email} added and deleted a DS data record" dsdata_change_log = f"{user_email} added and deleted a DS data record"
else: else:
dsdata_change_log = f"{user_email} deleted a DS data record" dsdata_change_log = f"{user_email} added a DS data record"
if dsdata_change_log != "": if dsdata_change_log != "":
self.dsdata_last_change = dsdata_change_log self.dsdata_last_change = dsdata_change_log
self.save() # audit log will now record this as a change self.save() # audit log will now record this as a change
@ -896,6 +895,7 @@ class Domain(TimeStampedModel, DomainHelper):
which inturn call this function) which inturn call this function)
Will throw error if contact type is not the same as expectType Will throw error if contact type is not the same as expectType
Raises ValueError if expected type doesn't match the contact type""" Raises ValueError if expected type doesn't match the contact type"""
if expectedType != contact.contact_type: if expectedType != contact.contact_type:
raise ValueError("Cannot set a contact with a different contact type, expected type was %s" % expectedType) raise ValueError("Cannot set a contact with a different contact type, expected type was %s" % expectedType)
@ -908,7 +908,6 @@ class Domain(TimeStampedModel, DomainHelper):
duplicate_contacts = PublicContact.objects.exclude(registry_id=contact.registry_id).filter( duplicate_contacts = PublicContact.objects.exclude(registry_id=contact.registry_id).filter(
domain=self, contact_type=contact.contact_type domain=self, contact_type=contact.contact_type
) )
# if no record exists with this contact type # if no record exists with this contact type
# make contact in registry, duplicate and errors handled there # make contact in registry, duplicate and errors handled there
errorCode = self._make_contact_in_registry(contact) errorCode = self._make_contact_in_registry(contact)
@ -987,6 +986,24 @@ class Domain(TimeStampedModel, DomainHelper):
logger.info("making technical contact") logger.info("making technical contact")
self._set_singleton_contact(contact, expectedType=contact.ContactTypeChoices.TECHNICAL) self._set_singleton_contact(contact, expectedType=contact.ContactTypeChoices.TECHNICAL)
def print_contact_info_epp(self, contact: PublicContact):
"""Prints registry data for this PublicContact for easier debugging"""
results = self._request_contact_info(contact, get_result_as_dict=True)
logger.info("---------------------")
logger.info(f"EPP info for {contact.contact_type}:")
logger.info("---------------------")
for key, value in results.items():
logger.info(f"{key}: {value}")
def print_all_domain_contact_info_epp(self):
"""Prints registry data for this domains security, registrant, technical, and administrative contacts."""
logger.info(f"Contact info for {self}:")
logger.info("=====================")
contacts = [self.security_contact, self.registrant_contact, self.technical_contact, self.administrative_contact]
for contact in contacts:
if contact:
self.print_contact_info_epp(contact)
def is_active(self) -> bool: def is_active(self) -> bool:
"""Currently just returns if the state is created, """Currently just returns if the state is created,
because then it should be live, theoretically. because then it should be live, theoretically.
@ -1367,10 +1384,14 @@ class Domain(TimeStampedModel, DomainHelper):
) )
return street_dict return street_dict
def _request_contact_info(self, contact: PublicContact): def _request_contact_info(self, contact: PublicContact, get_result_as_dict=False):
"""Grabs the resultant contact information in epp for this public contact
by using the InfoContact command.
Returns a commands.InfoContactResultData object, or a dict if get_result_as_dict is True."""
try: try:
req = commands.InfoContact(id=contact.registry_id) req = commands.InfoContact(id=contact.registry_id)
return registry.send(req, cleaned=True).res_data[0] result = registry.send(req, cleaned=True).res_data[0]
return result if not get_result_as_dict else vars(result)
except RegistryError as error: except RegistryError as error:
logger.error( logger.error(
"Registry threw error for contact id %s contact type is %s, error code is\n %s full error is %s", # noqa "Registry threw error for contact id %s contact type is %s, error code is\n %s full error is %s", # noqa
@ -1690,22 +1711,26 @@ class Domain(TimeStampedModel, DomainHelper):
return help_text return help_text
def _disclose_fields(self, contact: PublicContact): def _disclose_fields(self, contact: PublicContact):
"""creates a disclose object that can be added to a contact Create using """creates a disclose object that can be added to a contact Create or Update using
.disclose= <this function> on the command before sending. .disclose= <this function> on the command before sending.
if item is security email then make sure email is visible""" if item is security email then make sure email is visible"""
is_security = contact.contact_type == contact.ContactTypeChoices.SECURITY # You can find each enum here:
# https://github.com/cisagov/epplib/blob/master/epplib/models/common.py#L32
DF = epp.DiscloseField DF = epp.DiscloseField
fields = {DF.EMAIL} all_disclose_fields = {field for field in DF}
disclose_args = {"fields": all_disclose_fields, "flag": False, "types": {DF.ADDR: "loc", DF.NAME: "loc"}}
hidden_security_emails = [DefaultEmail.PUBLIC_CONTACT_DEFAULT.value, DefaultEmail.LEGACY_DEFAULT.value] fields_to_remove = {DF.NOTIFY_EMAIL, DF.VAT, DF.IDENT}
disclose = is_security and contact.email not in hidden_security_emails if contact.contact_type == contact.ContactTypeChoices.SECURITY:
# Delete after testing on other devices if contact.email not in DefaultEmail.get_all_emails():
logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose) fields_to_remove.add(DF.EMAIL)
# Will only disclose DF.EMAIL if its not the default elif contact.contact_type == contact.ContactTypeChoices.ADMINISTRATIVE:
return epp.Disclose( fields_to_remove.update({DF.NAME, DF.EMAIL, DF.VOICE, DF.ADDR})
flag=disclose,
fields=fields, disclose_args["fields"].difference_update(fields_to_remove) # type: ignore
)
logger.debug("Updated domain contact %s to disclose: %s", contact.email, disclose_args.get("flag"))
return epp.Disclose(**disclose_args) # type: ignore
def _make_epp_contact_postal_info(self, contact: PublicContact): # type: ignore def _make_epp_contact_postal_info(self, contact: PublicContact): # type: ignore
return epp.PostalInfo( # type: ignore return epp.PostalInfo( # type: ignore

4
src/registrar/models/domain_information.py
View file

@ -449,7 +449,9 @@ class DomainInformation(TimeStampedModel):
def converted_federal_type(self): def converted_federal_type(self):
if self.portfolio: if self.portfolio:
return self.portfolio.federal_type return self.portfolio.federal_type
return self.federal_type elif self.federal_agency:
return self.federal_agency.federal_type
return None
@property @property
def converted_senior_official(self): def converted_senior_official(self):

27
src/registrar/models/domain_request.py
View file

@ -523,6 +523,29 @@ class DomainRequest(TimeStampedModel):
choices=FEBPurposeChoices.choices, choices=FEBPurposeChoices.choices,
) )
working_with_eop = models.BooleanField(
null=True,
blank=True,
)
eop_stakeholder_first_name = models.CharField(
null=True,
blank=True,
verbose_name="EOP Stakeholder First Name",
)
eop_stakeholder_last_name = models.CharField(
null=True,
blank=True,
verbose_name="EOP Stakeholder Last Name",
)
eop_stakeholder_email = models.EmailField(
null=True,
blank=True,
verbose_name="EOP Stakeholder Email",
)
# This field is alternately used for generic domain purpose explanations # This field is alternately used for generic domain purpose explanations
# and for explanations of the specific purpose chosen with feb_purpose_choice # and for explanations of the specific purpose chosen with feb_purpose_choice
# by a Federal Executive Branch agency. # by a Federal Executive Branch agency.
@ -1505,7 +1528,9 @@ class DomainRequest(TimeStampedModel):
def converted_federal_type(self): def converted_federal_type(self):
if self.portfolio: if self.portfolio:
return self.portfolio.federal_type return self.portfolio.federal_type
return self.federal_type elif self.federal_agency:
return self.federal_agency.federal_type
return None
@property @property
def converted_address_line1(self): def converted_address_line1(self):

31
src/registrar/models/public_contact.py
View file

@ -1,3 +1,4 @@
import logging
from datetime import datetime from datetime import datetime
from random import choices from random import choices
from string import ascii_uppercase, ascii_lowercase, digits from string import ascii_uppercase, ascii_lowercase, digits
@ -9,6 +10,9 @@ from registrar.utility.enums import DefaultEmail
from .utility.time_stamped_model import TimeStampedModel from .utility.time_stamped_model import TimeStampedModel
logger = logging.getLogger(__name__)
def get_id(): def get_id():
"""Generate a 16 character registry ID with a low probability of collision.""" """Generate a 16 character registry ID with a low probability of collision."""
day = datetime.today().strftime("%A")[:2] day = datetime.today().strftime("%A")[:2]
@ -92,15 +96,14 @@ class PublicContact(TimeStampedModel):
return cls( return cls(
contact_type=PublicContact.ContactTypeChoices.REGISTRANT, contact_type=PublicContact.ContactTypeChoices.REGISTRANT,
registry_id=get_id(), registry_id=get_id(),
name="CSD/CB Attn: Cameron Dixon", name="CSD/CB Attn: .gov TLD",
org="Cybersecurity and Infrastructure Security Agency", org="Cybersecurity and Infrastructure Security Agency",
street1="CISA NGR STOP 0645", street1="1110 N. Glebe Rd",
street2="1110 N. Glebe Rd.",
city="Arlington", city="Arlington",
sp="VA", sp="VA",
pc="20598-0645", pc="22201",
cc="US", cc="US",
email=DefaultEmail.PUBLIC_CONTACT_DEFAULT.value, email=DefaultEmail.PUBLIC_CONTACT_DEFAULT,
voice="+1.8882820870", voice="+1.8882820870",
pw="thisisnotapassword", pw="thisisnotapassword",
) )
@ -110,14 +113,14 @@ class PublicContact(TimeStampedModel):
return cls( return cls(
contact_type=PublicContact.ContactTypeChoices.ADMINISTRATIVE, contact_type=PublicContact.ContactTypeChoices.ADMINISTRATIVE,
registry_id=get_id(), registry_id=get_id(),
name="Program Manager", name="CSD/CB Attn: .gov TLD",
org="Cybersecurity and Infrastructure Security Agency", org="Cybersecurity and Infrastructure Security Agency",
street1="4200 Wilson Blvd.", street1="1110 N. Glebe Rd",
city="Arlington", city="Arlington",
sp="VA", sp="VA",
pc="22201", pc="22201",
cc="US", cc="US",
email=DefaultEmail.PUBLIC_CONTACT_DEFAULT.value, email=DefaultEmail.PUBLIC_CONTACT_DEFAULT,
voice="+1.8882820870", voice="+1.8882820870",
pw="thisisnotapassword", pw="thisisnotapassword",
) )
@ -127,14 +130,14 @@ class PublicContact(TimeStampedModel):
return cls( return cls(
contact_type=PublicContact.ContactTypeChoices.TECHNICAL, contact_type=PublicContact.ContactTypeChoices.TECHNICAL,
registry_id=get_id(), registry_id=get_id(),
name="Registry Customer Service", name="CSD/CB Attn: .gov TLD",
org="Cybersecurity and Infrastructure Security Agency", org="Cybersecurity and Infrastructure Security Agency",
street1="4200 Wilson Blvd.", street1="1110 N. Glebe Rd",
city="Arlington", city="Arlington",
sp="VA", sp="VA",
pc="22201", pc="22201",
cc="US", cc="US",
email=DefaultEmail.PUBLIC_CONTACT_DEFAULT.value, email=DefaultEmail.PUBLIC_CONTACT_DEFAULT,
voice="+1.8882820870", voice="+1.8882820870",
pw="thisisnotapassword", pw="thisisnotapassword",
) )
@ -144,14 +147,14 @@ class PublicContact(TimeStampedModel):
return cls( return cls(
contact_type=PublicContact.ContactTypeChoices.SECURITY, contact_type=PublicContact.ContactTypeChoices.SECURITY,
registry_id=get_id(), registry_id=get_id(),
name="Registry Customer Service", name="CSD/CB Attn: .gov TLD",
org="Cybersecurity and Infrastructure Security Agency", org="Cybersecurity and Infrastructure Security Agency",
street1="4200 Wilson Blvd.", street1="1110 N. Glebe Rd",
city="Arlington", city="Arlington",
sp="VA", sp="VA",
pc="22201", pc="22201",
cc="US", cc="US",
email=DefaultEmail.PUBLIC_CONTACT_DEFAULT.value, email=DefaultEmail.PUBLIC_CONTACT_DEFAULT,
voice="+1.8882820870", voice="+1.8882820870",
pw="thisisnotapassword", pw="thisisnotapassword",
) )

93
src/registrar/models/user_group.py
View file

@ -141,6 +141,99 @@ class UserGroup(Group):
except Exception as e: except Exception as e:
logger.error(f"Error creating analyst permissions group: {e}") logger.error(f"Error creating analyst permissions group: {e}")
def create_omb_analyst_group(apps, schema_editor):
"""This method gets run from a data migration."""
# Hard to pass self to these methods as the calls from migrations
# are only expecting apps and schema_editor, so we'll just define
# apps, schema_editor in the local scope instead
OMB_ANALYST_GROUP_PERMISSIONS = [
{
"app_label": "registrar",
"model": "domainrequest",
"permissions": ["change_domainrequest"],
},
{
"app_label": "registrar",
"model": "domain",
"permissions": ["view_domain"],
},
{
"app_label": "registrar",
"model": "domaininvitation",
"permissions": ["view_domaininvitation"],
},
{
"app_label": "registrar",
"model": "federalagency",
"permissions": ["view_federalagency"],
},
{
"app_label": "registrar",
"model": "portfolio",
"permissions": ["view_portfolio"],
},
{
"app_label": "registrar",
"model": "suborganization",
"permissions": ["view_suborganization"],
},
{
"app_label": "registrar",
"model": "seniorofficial",
"permissions": ["view_seniorofficial"],
},
]
# Avoid error: You can't execute queries until the end
# of the 'atomic' block.
# From django docs:
# https://docs.djangoproject.com/en/4.2/topics/migrations/#data-migrations
# We cant import the Person model directly as it may be a newer
# version than this migration expects. We use the historical version.
ContentType = apps.get_model("contenttypes", "ContentType")
Permission = apps.get_model("auth", "Permission")
UserGroup = apps.get_model("registrar", "UserGroup")
logger.info("Going to create the OMB Analyst Group")
try:
omb_analysts_group, _ = UserGroup.objects.get_or_create(
name="omb_analysts_group",
)
omb_analysts_group.permissions.clear()
for permission in OMB_ANALYST_GROUP_PERMISSIONS:
app_label = permission["app_label"]
model_name = permission["model"]
permissions = permission["permissions"]
# Retrieve the content type for the app and model
content_type = ContentType.objects.get(app_label=app_label, model=model_name)
# Retrieve the permissions based on their codenames
permissions = Permission.objects.filter(content_type=content_type, codename__in=permissions)
# Assign the permissions to the group
omb_analysts_group.permissions.add(*permissions)
# Convert the permissions QuerySet to a list of codenames
permission_list = list(permissions.values_list("codename", flat=True))
logger.debug(
app_label
+ " | "
+ model_name
+ " | "
+ ", ".join(permission_list)
+ " added to group "
+ omb_analysts_group.name
)
logger.debug("OMB Analyst permissions added to group " + omb_analysts_group.name)
except Exception as e:
logger.error(f"Error creating analyst permissions group: {e}")
def create_full_access_group(apps, schema_editor): def create_full_access_group(apps, schema_editor):
"""This method gets run from a data migration.""" """This method gets run from a data migration."""

68
src/registrar/models/utility/portfolio_helper.py
View file

@ -257,9 +257,6 @@ def validate_user_portfolio_permission(user_portfolio_permission):
Raises: Raises:
ValidationError: If any of the validation rules are violated. ValidationError: If any of the validation rules are violated.
""" """
PortfolioInvitation = apps.get_model("registrar.PortfolioInvitation")
UserPortfolioPermission = apps.get_model("registrar.UserPortfolioPermission")
has_portfolio = bool(user_portfolio_permission.portfolio_id) has_portfolio = bool(user_portfolio_permission.portfolio_id)
portfolio_permissions = set(user_portfolio_permission._get_portfolio_permissions()) portfolio_permissions = set(user_portfolio_permission._get_portfolio_permissions())
@ -286,8 +283,8 @@ def validate_user_portfolio_permission(user_portfolio_permission):
# == Validate the multiple_porfolios flag. == # # == Validate the multiple_porfolios flag. == #
if not flag_is_active_for_user(user_portfolio_permission.user, "multiple_portfolios"): if not flag_is_active_for_user(user_portfolio_permission.user, "multiple_portfolios"):
existing_permissions = UserPortfolioPermission.objects.exclude(id=user_portfolio_permission.id).filter( existing_permissions, existing_invitations = get_user_portfolio_permission_associations(
user=user_portfolio_permission.user user_portfolio_permission
) )
if existing_permissions.exists(): if existing_permissions.exists():
raise ValidationError( raise ValidationError(
@ -296,10 +293,6 @@ def validate_user_portfolio_permission(user_portfolio_permission):
code="has_existing_permissions", code="has_existing_permissions",
) )
existing_invitations = PortfolioInvitation.objects.filter(email=user_portfolio_permission.user.email).exclude(
Q(portfolio=user_portfolio_permission.portfolio)
| Q(status=PortfolioInvitation.PortfolioInvitationStatus.RETRIEVED)
)
if existing_invitations.exists(): if existing_invitations.exists():
raise ValidationError( raise ValidationError(
"This user is already assigned to a portfolio invitation. " "This user is already assigned to a portfolio invitation. "
@ -308,6 +301,32 @@ def validate_user_portfolio_permission(user_portfolio_permission):
) )
def get_user_portfolio_permission_associations(user_portfolio_permission):
"""
Retrieves the associations for a user portfolio invitation.
Returns:
A tuple:
(existing_permissions, existing_invitations)
where:
- existing_permissions: UserPortfolioPermission objects excluding the current permission.
- existing_invitations: PortfolioInvitation objects for the user email excluding
the current invitation and those with status RETRIEVED.
"""
PortfolioInvitation = apps.get_model("registrar.PortfolioInvitation")
UserPortfolioPermission = apps.get_model("registrar.UserPortfolioPermission")
existing_permissions = UserPortfolioPermission.objects.exclude(id=user_portfolio_permission.id).filter(
user=user_portfolio_permission.user
)
existing_invitations = PortfolioInvitation.objects.filter(
email__iexact=user_portfolio_permission.user.email
).exclude(
Q(portfolio=user_portfolio_permission.portfolio)
| Q(status=PortfolioInvitation.PortfolioInvitationStatus.RETRIEVED)
)
return (existing_permissions, existing_invitations)
def validate_portfolio_invitation(portfolio_invitation): def validate_portfolio_invitation(portfolio_invitation):
""" """
Validates a PortfolioInvitation instance. Located in portfolio_helper to avoid circular imports Validates a PortfolioInvitation instance. Located in portfolio_helper to avoid circular imports
@ -324,7 +343,6 @@ def validate_portfolio_invitation(portfolio_invitation):
Raises: Raises:
ValidationError: If any of the validation rules are violated. ValidationError: If any of the validation rules are violated.
""" """
PortfolioInvitation = apps.get_model("registrar.PortfolioInvitation")
UserPortfolioPermission = apps.get_model("registrar.UserPortfolioPermission") UserPortfolioPermission = apps.get_model("registrar.UserPortfolioPermission")
User = get_user_model() User = get_user_model()
@ -351,17 +369,12 @@ def validate_portfolio_invitation(portfolio_invitation):
) )
# == Validate the multiple_porfolios flag. == # # == Validate the multiple_porfolios flag. == #
user = User.objects.filter(email=portfolio_invitation.email).first() user = User.objects.filter(email__iexact=portfolio_invitation.email).first()
# If user returns None, then we check for global assignment of multiple_portfolios. # If user returns None, then we check for global assignment of multiple_portfolios.
# Otherwise we just check on the user. # Otherwise we just check on the user.
if not flag_is_active_for_user(user, "multiple_portfolios"): if not flag_is_active_for_user(user, "multiple_portfolios"):
existing_permissions = UserPortfolioPermission.objects.filter(user=user) existing_permissions, existing_invitations = get_portfolio_invitation_associations(portfolio_invitation)
existing_invitations = PortfolioInvitation.objects.filter(email=portfolio_invitation.email).exclude(
Q(id=portfolio_invitation.id) | Q(status=PortfolioInvitation.PortfolioInvitationStatus.RETRIEVED)
)
if existing_permissions.exists(): if existing_permissions.exists():
raise ValidationError( raise ValidationError(
"This user is already assigned to a portfolio. " "This user is already assigned to a portfolio. "
@ -377,6 +390,27 @@ def validate_portfolio_invitation(portfolio_invitation):
) )
def get_portfolio_invitation_associations(portfolio_invitation):
"""
Retrieves the associations for a portfolio invitation.
Returns:
A tuple:
(existing_permissions, existing_invitations)
where:
- existing_permissions: UserPortfolioPermission objects matching the email.
- existing_invitations: PortfolioInvitation objects for the email excluding
the current invitation and those with status RETRIEVED.
"""
PortfolioInvitation = apps.get_model("registrar.PortfolioInvitation")
UserPortfolioPermission = apps.get_model("registrar.UserPortfolioPermission")
existing_permissions = UserPortfolioPermission.objects.filter(user__email__iexact=portfolio_invitation.email)
existing_invitations = PortfolioInvitation.objects.filter(email__iexact=portfolio_invitation.email).exclude(
Q(id=portfolio_invitation.id) | Q(status=PortfolioInvitation.PortfolioInvitationStatus.RETRIEVED)
)
return (existing_permissions, existing_invitations)
def cleanup_after_portfolio_member_deletion(portfolio, email, user=None): def cleanup_after_portfolio_member_deletion(portfolio, email, user=None):
""" """
Cleans up after removing a portfolio member or a portfolio invitation. Cleans up after removing a portfolio member or a portfolio invitation.

28
src/registrar/registrar_middleware.py
View file

@ -222,3 +222,31 @@ class RestrictAccessMiddleware:
raise PermissionDenied # Deny access if the view lacks explicit permission handling raise PermissionDenied # Deny access if the view lacks explicit permission handling
return self.get_response(request) return self.get_response(request)
class RequestLoggingMiddleware:
"""
Middleware to log user email, remote address, and request path.
"""
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
response = self.get_response(request)
# Only log in production (stable)
if getattr(settings, "IS_PRODUCTION", False):
# Get user email (if authenticated), else "Anonymous"
user_email = request.user.email if request.user.is_authenticated else "Anonymous"
# Get remote IP address
remote_ip = request.META.get("REMOTE_ADDR", "Unknown IP")
# Get request path
request_path = request.path
# Log user information
logger.info(f"Router log | User: {user_email} | IP: {remote_ip} | Path: {request_path}")
return response

2
src/registrar/templates/admin/app_list.html
View file

@ -63,6 +63,7 @@
</table> </table>
</div> </div>
{% endfor %} {% endfor %}
{% if perms.registrar.analyst_access_permission or perms.full_access_permission %}
<div class="module"> <div class="module">
<table class="width-full"> <table class="width-full">
<caption class="text-bold">Analytics</caption> <caption class="text-bold">Analytics</caption>
@ -78,6 +79,7 @@
</tbody> </tbody>
</table> </table>
</div> </div>
{% endif %}
{% else %} {% else %}
<p>{% translate 'You dont have permission to view or edit anything.' %}</p> <p>{% translate 'You dont have permission to view or edit anything.' %}</p>
{% endif %} {% endif %}

8
src/registrar/templates/django/admin/domain_change_form.html
View file

@ -11,13 +11,15 @@
{% block field_sets %} {% block field_sets %}
<div class="display-flex flex-row flex-justify submit-row"> <div class="display-flex flex-row flex-justify submit-row">
<div class="flex-align-self-start button-list-mobile"> <div class="flex-align-self-start button-list-mobile">
{% if not adminform.form.is_omb_analyst %}
<input id="manageDomainSubmitButton" type="submit" value="Manage domain" name="_edit_domain"> <input id="manageDomainSubmitButton" type="submit" value="Manage domain" name="_edit_domain">
{# Dja has margin styles defined on inputs as is. Lets work with it, rather than fight it. #} {# Dja has margin styles defined on inputs as is. Lets work with it, rather than fight it. #}
<span class="mini-spacer"></span> <span class="mini-spacer"></span>
<input type="submit" value="Get registry status" name="_get_status"> <input type="submit" value="Get registry status" name="_get_status">
{% endif %}
</div> </div>
<div class="desktop:flex-align-self-end"> <div class="desktop:flex-align-self-end">
{% if original.state != original.State.DELETED %} {% if original.state != original.State.DELETED and not adminform.form.is_omb_analyst %}
<a class="text-middle" href="#toggle-extend-expiration-alert" aria-controls="toggle-extend-expiration-alert" data-open-modal> <a class="text-middle" href="#toggle-extend-expiration-alert" aria-controls="toggle-extend-expiration-alert" data-open-modal>
Extend expiration date Extend expiration date
</a> </a>
@ -31,9 +33,11 @@
<input type="submit" value="Remove hold" name="_remove_client_hold" class="custom-link-button"> <input type="submit" value="Remove hold" name="_remove_client_hold" class="custom-link-button">
{% endif %} {% endif %}
{% if original.state == original.State.READY or original.state == original.State.ON_HOLD %} {% if original.state == original.State.READY or original.state == original.State.ON_HOLD %}
{% if not adminform.form.is_omb_analyst %}
<span class="margin-left-05 margin-right-05 text-middle"> | </span> <span class="margin-left-05 margin-right-05 text-middle"> | </span>
{% endif %} {% endif %}
{% if original.state != original.State.DELETED %} {% endif %}
{% if original.state != original.State.DELETED and not adminform.form.is_omb_analyst %}
<a class="text-middle" href="#toggle-remove-from-registry" aria-controls="toggle-remove-from-registry" data-open-modal> <a class="text-middle" href="#toggle-remove-from-registry" aria-controls="toggle-remove-from-registry" data-open-modal>
Remove from registry Remove from registry
</a> </a>

6
src/registrar/templates/django/admin/includes/contact_detail_list.html
View file

@ -6,7 +6,11 @@
{% if show_formatted_name %} {% if show_formatted_name %}
{% if user.get_formatted_name %} {% if user.get_formatted_name %}
<a class="contact_info_name" href="{% url 'admin:registrar_contact_change' user.id %}">{{ user.get_formatted_name }}</a> {% if adminform.form.show_contact_as_plain_text %}
{{ user.get_formatted_name }}
{% else %}
<a class="contact_info_name" href="{% url 'admin:registrar_contact_change' user.id %}">{{ user.get_formatted_name }}</a>
{% endif %}
{% else %} {% else %}
None None
{% endif %} {% endif %}

16
src/registrar/templates/django/admin/includes/detail_table_fieldset.html
View file

@ -69,7 +69,11 @@ This is using a custom implementation fieldset.html (see admin/fieldset.html)
{% elif field.field.name == "portfolio_senior_official" %} {% elif field.field.name == "portfolio_senior_official" %}
<div class="readonly"> <div class="readonly">
{% if original_object.portfolio.senior_official %} {% if original_object.portfolio.senior_official %}
<a href="{% url 'admin:registrar_seniorofficial_change' original_object.portfolio.senior_official.id %}">{{ field.contents }}</a> {% if adminform.form.show_contact_as_plain_text %}
{{ field.contents|striptags }}
{% else %}
<a href="{% url 'admin:registrar_seniorofficial_change' original_object.portfolio.senior_official.id %}">{{ field.contents }}</a>
{% endif %}
{% else %} {% else %}
No senior official found.<br> No senior official found.<br>
{% endif %} {% endif %}
@ -78,7 +82,11 @@ This is using a custom implementation fieldset.html (see admin/fieldset.html)
{% if all_contacts.count > 2 %} {% if all_contacts.count > 2 %}
<div class="readonly"> <div class="readonly">
{% for contact in all_contacts %} {% for contact in all_contacts %}
<a href="{% url 'admin:registrar_contact_change' contact.id %}">{{ contact.get_formatted_name }}</a>{% if not forloop.last %}, {% endif %} {% if adminform.form.show_contact_as_plain_text %}
{{ contact.get_formatted_name }}{% if not forloop.last %}, {% endif %}
{% else %}
<a href="{% url 'admin:registrar_contact_change' contact.id %}">{{ contact.get_formatted_name }}</a>{% if not forloop.last %}, {% endif %}
{% endif %}
{% endfor %} {% endfor %}
</div> </div>
{% else %} {% else %}
@ -153,6 +161,10 @@ This is using a custom implementation fieldset.html (see admin/fieldset.html)
<p>No additional members found.</p> <p>No additional members found.</p>
{% endif %} {% endif %}
</div> </div>
{% elif field.field.name == "creator" and adminform.form.show_contact_as_plain_text %}
<div class="readonly">{{ field.contents|striptags }}</div>
{% elif field.field.name == "senior_official" and adminform.form.show_contact_as_plain_text %}
<div class="readonly">{{ field.contents|striptags }}</div>
{% else %} {% else %}
<div class="readonly">{{ field.contents }}</div> <div class="readonly">{{ field.contents }}</div>
{% endif %} {% endif %}

6
src/registrar/templates/django/admin/includes/portfolio/portfolio_admins_table.html
View file

@ -16,7 +16,11 @@
{% for admin in admins %} {% for admin in admins %}
{% url 'admin:registrar_userportfoliopermission_change' admin.pk as url %} {% url 'admin:registrar_userportfoliopermission_change' admin.pk as url %}
<tr> <tr>
<td><a href={{url}}>{{ admin.user.get_formatted_name}}</a></td> {% if adminform.form.is_omb_analyst %}
<td>{{ admin.user.get_formatted_name }}</td>
{% else %}
<td><a href={{url}}>{{ admin.user.get_formatted_name}}</a></td>
{% endif %}
<td>{{ admin.user.title }}</td> <td>{{ admin.user.title }}</td>
<td> <td>
{% if admin.user.email %} {% if admin.user.email %}

3
src/registrar/templates/django/admin/includes/portfolio/portfolio_fieldset.html
View file

@ -30,6 +30,9 @@
<a href={{ url }}>No senior official found. Create one now.</a> <a href={{ url }}>No senior official found. Create one now.</a>
</div> </div>
{% endif %} {% endif %}
{% elif field.field.name == "creator" and adminform.form.show_contact_as_plain_text %}
<div class="readonly">{{ field.contents|striptags }}</div>
{% else %} {% else %}
<div class="readonly">{{ field.contents }}</div> <div class="readonly">{{ field.contents }}</div>
{% endif %} {% endif %}

2
src/registrar/templates/django/forms/widgets/textarea.html
View file

@ -1,5 +1,5 @@
<textarea <textarea
name="{{ widget.name }}" name="{{ widget.name }}"
class="usa-textarea usa-character-count__field {{ widget.attrs.class }}" class="usa-textarea{% if classes %} {{ classes }}{% endif %}{% if not widget.attrs.hide_character_count %} usa-character-count__field{% endif %} {{ widget.attrs.class }}"
{% include "django/forms/widgets/attrs.html" %} {% include "django/forms/widgets/attrs.html" %}
>{% if widget.value %}{{ widget.value }}{% endif %}</textarea> >{% if widget.value %}{{ widget.value }}{% endif %}</textarea>

4
src/registrar/templates/domain_base.html
View file

@ -9,7 +9,7 @@
<div class="grid-container grid-container--widescreen"> <div class="grid-container grid-container--widescreen">
<div class="grid-row grid-gap {% if not is_widescreen_centered %}max-width--grid-container{% endif %}"> <div class="grid-row grid-gap {% if not is_widescreen_centered %}max-width--grid-container{% endif %}">
<div class="tablet:grid-col-3 "> <div class="tablet:grid-col-3 grid-col--sidenav">
<p class="font-body-md margin-top-0 margin-bottom-2 <p class="font-body-md margin-top-0 margin-bottom-2
text-primary-darker text-semibold string-wrap" text-primary-darker text-semibold string-wrap"
> >
@ -21,7 +21,7 @@
{% endif %} {% endif %}
</div> </div>
<div class="tablet:grid-col-9"> <div class="tablet:grid-col">
<main id="main-content" class="grid-container"> <main id="main-content" class="grid-container">
{% if not domain.domain_info %} {% if not domain.domain_info %}
<div class="usa-alert usa-alert--error margin-bottom-2"> <div class="usa-alert usa-alert--error margin-bottom-2">

458
src/registrar/templates/domain_dsdata.html
View file

@ -34,122 +34,376 @@
{% endif %} {% endif %}
{% endblock breadcrumb %} {% endblock breadcrumb %}
{% if domain.dnssecdata is None %} <div class="grid-row grid-gap">
<div class="usa-alert usa-alert--info usa-alert--slim margin-bottom-3"> <div class="tablet:grid-col-6">
<div class="usa-alert__body"> <h1 class="tablet:margin-bottom-1" id="domain-dsdata">DS data</h1>
You have no DS data added. Enable DNSSEC by adding DS data. </div>
<div class="tablet:grid-col-6 text-right--tablet">
<button type="button" class="usa-button margin-bottom-1 tablet:float-right" id="dsdata-add-button">
Add DS data
</button>
</div> </div>
</div> </div>
<p>In order to enable DNSSEC, you must first configure it with your DNS provider.</p>
<p>Click “Add DS data” and enter the values given by your DNS provider for DS (Delegation Signer) data. You can add a maximum of 8 DS records.</p>
{% comment %}
This template supports the rendering of three different DS data forms, conditionally displayed:
1 - Add DS Data form (rendered when there are no existing DS data records defined for the domain)
2 - DS Data table (rendered when the domain has existing DS data, which can be viewed and edited)
3 - Add DS Data form (rendered above the DS Data table to add a single additional DS Data record)
{% endcomment %}
{% if formset.initial and formset.forms.0.initial %}
{% comment %}This section renders both the DS Data table and the Add DS Data form {% endcomment %}
{% include "includes/required_fields.html" %}
<form class="usa-form usa-form--extra-large ds-data-form" method="post" novalidate id="form-container">
{% csrf_token %}
{{ formset.management_form }}
{% for form in formset %}
{% if forloop.last and not form.initial %}
{% comment %}
This section renders the Add DS data form.
This section does not render if the last form has initial data (this occurs if 8 DS data records already exist)
{% endcomment %}
<section class="add-dsdata-form display-none section-outlined section-outlined--extra-padding">
<h2 class="margin-top-0">Add DS record</h2>
<div class="repeatable-form">
<div class="grid-row grid-gap-2 flex-end">
<div class="tablet:grid-col-4">
{% with sublabel_text="Numbers (0-9) only." %}
{% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.key_tag %}
{% endwith %}
{% endwith %}
</div>
<div class="tablet:grid-col-4">
{% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.algorithm %}
{% endwith %}
</div>
<div class="tablet:grid-col-4">
{% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.digest_type %}
{% endwith %}
</div>
</div>
<div class="grid-row">
<div class="grid-col">
{% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
{% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.digest %}
{% endwith %}
{% endwith %}
</div>
</div>
</div>
<div class="margin-top-2">
<button
type="button"
class="usa-button usa-button--outline dsdata-cancel-add-form"
name="btn-cancel-click"
aria-label="Reset the data in the DS records to the registry state (undo changes)"
>Cancel
</button>
<button
id="save-ds-data"
type="submit"
class="usa-button"
>Save
</button>
</div>
</section>
{% endif %}
{% endfor %}
<div class="usa-table-container--scrollable usa-table-container--override-overflow usa-table-container--override-scrollable padding-top-5 margin-top-0" tabindex="0">
<table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked dotgov-table--cell-padding-2-2-2-0" id="dsdata-table">
<caption class="sr-only">Your DS data records</caption>
<thead>
<tr>
<th scope="col" role="columnheader" class="text-bottom">Key tag</th>
<th scope="col" role="columnheader" class="text-bottom">Algorithm</th>
<th scope="col" role="columnheader" class="text-bottom">Digest type</th>
<th scope="col" role="columnheader" class="text-bottom">Digest</th>
<th scope="col" role="columnheader" class="text-bottom width-0 padding-right-0">Action</th>
</tr>
</thead>
<tbody>
{% for form in formset %}
{% if not forloop.last or form.initial %}
{% comment %}
This section renders table rows for each existing DS data records. Two rows are rendered, a readonly row
and an edit row. Only one of which is displayed at a time.
{% endcomment %}
<!-- Readonly row -->
<tr class="view-only-row">
<td data-label="Key tag">{{ form.key_tag.value }}</td>
<td data-label="Algorithm">
<span class="ellipsis ellipsis--15">
{% for value, label in form.algorithm.field.choices %}
{% if value|stringformat:"s" == form.algorithm.value|stringformat:"s" %}
{{ label }}
{% endif %}
{% endfor %}
</span>
</td>
<td data-label="Digest type">
{% for value, label in form.digest_type.field.choices %}
{% if value|stringformat:"s" == form.digest_type.value|stringformat:"s" %}
{{ label }}
{% endif %}
{% endfor %}
</td>
<td data-label="Digest">
<span class="ellipsis ellipsis--23">{{ form.digest.value }}</span>
</td>
<td class="padding-right-0" data-label="Action">
<div class="tablet:display-flex tablet:flex-row">
<button type="button" class='usa-button usa-button--unstyled margin-right-2 margin-top-0 dsdata-edit'>
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
<use xlink:href="/public/img/sprite.svg#edit"></use>
</svg>
Edit <span class="usa-sr-only">DS record {{forloop.counter}}</span>
</button>
<a
role="button"
id="button-trigger-delete-dsdata-{{ forloop.counter }}"
class="usa-button usa-button--unstyled text-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary visible-mobile-flex dsdata-delete-kebab"
>
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
<use xlink:href="/public/img/sprite.svg#delete"></use>
</svg>
Delete
</a>
<div class="usa-accordion usa-accordion--more-actions margin-right-2 hidden-mobile-flex">
<div class="usa-accordion__heading">
<button
type="button"
class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-2px"
aria-expanded="false"
aria-controls="more-actions-dsdata-{{ forloop.counter }}"
aria-label="More Actions for DS record {{ forloop.counter }}"
>
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
<use xlink:href="/public/img/sprite.svg#more_vert"></use>
</svg>
</button>
</div>
<div id="more-actions-dsdata-{{ forloop.counter }}" class="usa-accordion__content usa-prose shadow-1 left-auto right-neg-1" hidden>
<h2>More options</h2>
<button
type="button"
class="usa-button usa-button--unstyled text-underline late-loading-modal-trigger line-height-sans-5 text-secondary dsdata-delete-kebab margin-top-2"
name="btn-delete-kebab-click"
aria-label="Delete DS record {{ forloop.counter }} from the registry"
>
Delete
</button>
</div>
</div>
</div>
</td>
</tr>
<!-- Edit row -->
<tr class="edit-row display-none">
<td class="text-bottom">
{% with sublabel_text="(0-65535)." %}
{% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
{% input_with_errors form.key_tag %}
{% endwith %}
{% endwith %}
</td>
<td class="text-bottom">
{% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
{% input_with_errors form.algorithm %}
{% endwith %}
</td>
<td class="text-bottom">
{% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
{% input_with_errors form.digest_type %}
{% endwith %}
</td>
<td class="text-bottom">
{% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
{% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
{% input_with_errors form.digest %}
{% endwith %}
{% endwith %}
</td>
<td class="padding-right-0 text-bottom" data-label="Action">
<button class="usa-button usa-button--unstyled display-block margin-top-1" type="submit">Save</button>
<button
type="button"
class="usa-button usa-button--unstyled display-block dsdata-cancel"
name="btn-cancel-click"
aria-label="Reset the data in the DS record form to the registry state (undo changes)"
>Cancel
</button>
<button
type="button"
class="usa-button usa-button--unstyled display-block text-secondary dsdata-delete"
name="btn-delete-click"
aria-label="Delete the DS record from the registry"
>Delete
</button>
<div class="display-none">{{ form.DELETE }}</div>
</td>
</tr>
{% endif %}
{% endfor %}
</tbody>
</table>
</div>
</form>
{% else %}
{% comment %}
This section renders Add DS Data form which renders when there are no existing
DS records defined on the domain.
{% endcomment %}
<div class="add-dsdata-form display-none">
{% include "includes/required_fields.html" %}
<section class="section-outlined section-outlined--extra-padding">
<form class="usa-form usa-form--extra-large" method="post" novalidate>
<h2>Add DS record</h2>
{% csrf_token %}
{{ formset.management_form }}
{% for form in formset %}
<div class="repeatable-form">
<div class="grid-row grid-gap-2 flex-end">
<div class="tablet:grid-col-4">
{% with sublabel_text="Numbers (0-9) only." %}
{% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.key_tag %}
{% endwith %}
{% endwith %}
</div>
<div class="tablet:grid-col-4">
{% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.algorithm %}
{% endwith %}
</div>
<div class="tablet:grid-col-4">
{% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.digest_type %}
{% endwith %}
</div>
</div>
<div class="grid-row">
<div class="grid-col">
{% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
{% with hide_character_count=True %}
{% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.digest %}
{% endwith %}
{% endwith %}
{% endwith %}
</div>
</div>
</div>
{% endfor %}
<div class="margin-top-2">
<button
type="button"
class="usa-button usa-button--outline dsdata-cancel-add-form"
name="btn-cancel-click"
aria-label="Reset the data in the DS records to the registry state (undo changes)"
>Cancel
</button>
<button
id="save-ds-data"
type="submit"
class="usa-button"
>Save
</button>
</div>
</form>
</section>
</div>
{% endif %} {% endif %}
<h1 id="domain-dsdata">DS data</h1>
<p>In order to enable DNSSEC, you must first configure it with your DNS hosting service.</p>
<p>Enter the values given by your DNS provider for DS data.</p>
{% include "includes/required_fields.html" %}
<form class="usa-form usa-form--extra-large ds-data-form" method="post" novalidate id="form-container">
{% csrf_token %}
{{ formset.management_form }}
{% for form in formset %}
<fieldset class="repeatable-form">
<legend class="sr-only">DS data record {{forloop.counter}}</legend>
<h2 class="margin-top-0">DS data record {{forloop.counter}}</h2>
<div class="grid-row grid-gap-2 flex-end">
<div class="tablet:grid-col-4">
{% with attr_required=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.key_tag %}
{% endwith %}
</div>
<div class="tablet:grid-col-4">
{% with attr_required=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.algorithm %}
{% endwith %}
</div>
<div class="tablet:grid-col-4">
{% with attr_required=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.digest_type %}
{% endwith %}
</div>
</div>
<div class="grid-row">
<div class="grid-col">
{% with attr_required=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.digest %}
{% endwith %}
</div>
</div>
<div class="grid-row margin-top-1">
<div class="grid-col">
<button type="button" id="button label" class="usa-button usa-button--unstyled usa-button--with-icon float-right-tablet delete-record text-secondary line-height-sans-5">
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24" height="24">
<use xlink:href="{%static 'img/sprite.svg'%}#delete"></use>
</svg>Delete
<span class="sr-only">DS data record {{forloop.counter}}</span>
</button>
</div>
</div>
</fieldset>
{% endfor %}
<button type="button" class="usa-button usa-button--unstyled usa-button--with-icon margin-bottom-2" id="add-form">
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24" height="24">
<use xlink:href="{%static 'img/sprite.svg'%}#add_circle"></use>
</svg>Add new record
</button>
<button
id="save-ds-data"
type="submit"
class="usa-button"
>Save
</button>
<button
type="submit"
class="usa-button usa-button--outline"
name="btn-cancel-click"
aria-label="Reset the data in the DS records to the registry state (undo changes)"
>Cancel
</button>
</form>
{% if trigger_modal %}
<a <a
id="ds-toggle-dnssec-alert" id="unsaved_changes_trigger"
href="#toggle-dnssec-alert" href="#unsaved-changes-modal"
class="usa-button usa-button--outline margin-top-1 display-none"
aria-controls="unsaved-changes-modal"
data-open-modal
>Trigger unsaved changes modal</a>
<div
class="usa-modal"
id="unsaved-changes-modal"
aria-labelledby="Are you sure you want to continue?"
aria-describedby="You have unsaved changes that will be lost."
>
{% include 'includes/modal.html' with modal_heading="Are you sure you want to continue?" modal_description="You have unsaved changes that will be lost." modal_button_id="unsaved-changes-click-button" modal_button_text="Continue without saving" cancel_button_text="Go back" %}
</div>
<a
id="cancel_changes_trigger"
href="#cancel-changes-modal"
class="usa-button usa-button--outline margin-top-1 display-none"
aria-controls="cancel-changes-modal"
data-open-modal
>Trigger cancel changes modal</a>
<div
class="usa-modal"
id="cancel-changes-modal"
aria-labelledby="Are you sure you want to cancel your changes?"
aria-describedby="This action cannot be undone."
>
{% include 'includes/modal.html' with modal_heading="Are you sure you want to cancel your changes?" modal_description="This action cannot be undone." modal_button_id="cancel-changes-click-button" modal_button_text="Yes, cancel" cancel_button_text="Go back" %}
</div>
<a
id="delete_trigger"
href="#delete-modal"
class="usa-button usa-button--outline margin-top-1 display-none"
aria-controls="delete-modal"
data-open-modal
>Trigger delete modal</a>
<div
class="usa-modal"
id="delete-modal"
aria-labelledby="Are you sure you want to delete this DS data record?"
aria-describedby="This action cannot be undone."
>
{% include 'includes/modal.html' with modal_heading="Are you sure you want to delete this DS data record?" modal_description="This action cannot be undone." modal_button_id="delete-click-button" modal_button_text="Yes, delete" modal_button_class="usa-button--secondary" %}
</div>
<a
id="disable_dnssec_trigger"
href="#disable-dnssec-modal"
class="usa-button usa-button--outline margin-top-1 display-none" class="usa-button usa-button--outline margin-top-1 display-none"
aria-controls="toggle-dnssec-alert" aria-controls="disable-dnssec-modal"
data-open-modal data-open-modal
>Trigger Disable DNSSEC Modal</a >Trigger Disable DNSSEC Modal</a
> >
{% endif %}
{# Use data-force-action to take esc out of the equation and pass cancel_button_resets_ds_form to effectuate a reset in the view #}
<div <div
class="usa-modal" class="usa-modal"
id="toggle-dnssec-alert" id="disable-dnssec-modal"
aria-labelledby="Are you sure you want to continue?" aria-labelledby="Are you sure you want to continue?"
aria-describedby="Your DNSSEC records will be deleted from the registry." aria-describedby="Your DNSSEC records will be deleted from the registry."
data-force-action
> >
{% include 'includes/modal.html' with cancel_button_resets_ds_form=True modal_heading="Warning: You are about to remove all DS records on your domain." modal_description="To fully disable DNSSEC: In addition to removing your DS records here, youll need to delete the DS records at your DNS host. To avoid causing your domain to appear offline, you should wait to delete your DS records at your DNS host until the Time to Live (TTL) expires. This is often less than 24 hours, but confirm with your provider." modal_button_id="disable-override-click-button" modal_button_text="Remove all DS data" modal_button_class="usa-button--secondary" %} {% include 'includes/modal.html' with modal_heading="Warning: You are about to remove all DS records on your domain." modal_description="To fully disable DNSSEC: In addition to removing your DS records here, youll need to delete the DS records at your DNS host. To avoid causing your domain to appear offline, you should wait to delete your DS records at your DNS host until the Time to Live (TTL) expires. This is often less than 24 hours, but confirm with your provider." modal_button_id="disable-dnssec-click-button" modal_button_text="Remove all DS data" modal_button_class="usa-button--secondary" %}
</div> </div>
<form method="post" id="disable-override-click-form">
{% csrf_token %}
<input type="hidden" name="disable-override-click" value="1">
</form>
<form method="post" id="btn-cancel-click-form">
{% csrf_token %}
<input type="hidden" name="btn-cancel-click" value="1">
</form>
{% endblock %} {# domain_content #} {% endblock %} {# domain_content #}

125
src/registrar/templates/domain_nameservers.html
View file

@ -82,7 +82,7 @@
This section does not render if the last form has initial data (this occurs if 13 nameservers already exist) This section does not render if the last form has initial data (this occurs if 13 nameservers already exist)
{% endcomment %} {% endcomment %}
<section class="add-nameservers-form display-none section-outlined"> <section class="add-nameservers-form display-none section-outlined section-outlined--extra-padding">
{{ form.domain }} {{ form.domain }}
<h2>Add a name server</h2> <h2>Add a name server</h2>
<div class="repeatable-form"> <div class="repeatable-form">
@ -121,7 +121,7 @@
<table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="nameserver-table"> <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="nameserver-table">
<caption class="sr-only">Your registered domains</caption> <caption class="sr-only">Your Name server records</caption>
<thead> <thead>
<tr> <tr>
<th scope="col" role="columnheader">Name servers</th> <th scope="col" role="columnheader">Name servers</th>
@ -141,8 +141,8 @@
{{ form.domain }} {{ form.domain }}
<!-- Readonly row --> <!-- Readonly row -->
<tr> <tr>
<td colspan="2" aria-colspan="2">{{ form.server.value }} {% if form.ip.value %}({{ form.ip.value }}){% endif %}</td> <td colspan="2" aria-colspan="2" data-label="Name server (IP address)">{{ form.server.value }} {% if form.ip.value %}({{ form.ip.value }}){% endif %}</td>
<td class="padding-right-0"> <td class="padding-right-0" data-label="Action">
<div class="tablet:display-flex tablet:flex-row"> <div class="tablet:display-flex tablet:flex-row">
<button type="button" class='usa-button usa-button--unstyled margin-right-2 margin-top-0 nameserver-edit'> <button type="button" class='usa-button usa-button--unstyled margin-right-2 margin-top-0 nameserver-edit'>
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24"> <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
@ -154,7 +154,7 @@
<a <a
role="button" role="button"
id="button-trigger-delete-{{ form.server.value }}" id="button-trigger-delete-{{ form.server.value }}"
class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary visible-mobile-flex nameserver-delete-kebab" class="usa-button usa-button--unstyled text-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary visible-mobile-flex nameserver-delete-kebab"
> >
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24"> <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
<use xlink:href="/public/img/sprite.svg#delete"></use> <use xlink:href="/public/img/sprite.svg#delete"></use>
@ -166,12 +166,12 @@
<div class="usa-accordion__heading"> <div class="usa-accordion__heading">
<button <button
type="button" type="button"
class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-0" class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-2px"
aria-expanded="false" aria-expanded="false"
aria-controls="more-actions-{{ form.server.value }}" aria-controls="more-actions-{{ form.server.value }}"
aria-label="More Actions for ({{ form.server.value }})" aria-label="More Actions for ({{ form.server.value }})"
> >
<svg class="usa-icon top-2px" aria-hidden="true" focusable="false" role="img" width="24"> <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
<use xlink:href="/public/img/sprite.svg#more_vert"></use> <use xlink:href="/public/img/sprite.svg#more_vert"></use>
</svg> </svg>
</button> </button>
@ -180,7 +180,7 @@
<h2>More options</h2> <h2>More options</h2>
<button <button
type="button" type="button"
class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary nameserver-delete-kebab" class="usa-button usa-button--unstyled text-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary nameserver-delete-kebab"
name="btn-delete-kebab-click" name="btn-delete-kebab-click"
aria-label="Delete the name server from the registry" aria-label="Delete the name server from the registry"
> >
@ -206,7 +206,7 @@
{% input_with_errors form.ip %} {% input_with_errors form.ip %}
{% endwith %} {% endwith %}
</td> </td>
<td class="padding-right-0 text-bottom"> <td class="padding-right-0 text-bottom" data-label="Action">
<button class="usa-button usa-button--unstyled display-block margin-top-1" type="submit">Save</button> <button class="usa-button usa-button--unstyled display-block margin-top-1" type="submit">Save</button>
<button <button
@ -240,57 +240,58 @@
This section renders Add New Nameservers form which renders when there are no existing This section renders Add New Nameservers form which renders when there are no existing
nameservers defined on the domain. nameservers defined on the domain.
{% endcomment %} {% endcomment %}
<div class="add-nameservers-form display-none">
<section class="add-nameservers-form display-none section-outlined">
{% include "includes/required_fields.html" %} {% include "includes/required_fields.html" %}
<form class="usa-form usa-form--extra-large" method="post" novalidate> <section class="section-outlined section-outlined--extra-padding">
<h2>Add name servers</h2> <form class="usa-form usa-form--extra-large" method="post" novalidate>
{% csrf_token %} <h2>Add name servers</h2>
{{ formset.management_form }} {% csrf_token %}
{% for form in formset %} {{ formset.management_form }}
{{ form.domain }} {% for form in formset %}
<div class="repeatable-form"> {{ form.domain }}
<div class="grid-row grid-gap-2 flex-end minh-143px"> <div class="repeatable-form">
<div class="tablet:grid-col-6"> <div class="grid-row grid-gap-2 flex-end minh-143px">
{% with sublabel_text="Example: ns"|concat:forloop.counter|concat:".example.com" add_group_class="usa-form-group--unstyled-error margin-top-2" %} <div class="tablet:grid-col-6">
{% if forloop.counter <= 2 %} {% with sublabel_text="Example: ns"|concat:forloop.counter|concat:".example.com" add_group_class="usa-form-group--unstyled-error margin-top-2" %}
{# span_for_text will wrap the copy in s <span>, which we'll use in the JS for this component #} {% if forloop.counter <= 2 %}
{% with attr_required=True add_initial_value_attr=True span_for_text=True %} {# span_for_text will wrap the copy in s <span>, which we'll use in the JS for this component #}
{% input_with_errors form.server %} {% with attr_required=True add_initial_value_attr=True span_for_text=True %}
{% endwith %} {% input_with_errors form.server %}
{% else %}
{% with span_for_text=True add_initial_value_attr=True %}
{% input_with_errors form.server %}
{% endwith %} {% endwith %}
{% endif %} {% else %}
{% endwith %} {% with span_for_text=True add_initial_value_attr=True %}
</div> {% input_with_errors form.server %}
<div class="tablet:grid-col-6"> {% endwith %}
{% with attr_required=True add_initial_value_attr=True label_text=form.ip.label sublabel_text="Example: 86.124.49.54 or 2001:db8::1234:5678" add_aria_label="Name server "|concat:forloop.counter|concat:" "|concat:form.ip.label add_group_class="usa-form-group--unstyled-error margin-top-2" %} {% endif %}
{% input_with_errors form.ip %} {% endwith %}
{% endwith %} </div>
<div class="tablet:grid-col-6">
{% with attr_required=True add_initial_value_attr=True label_text=form.ip.label sublabel_text="Example: 86.124.49.54 or 2001:db8::1234:5678" add_aria_label="Name server "|concat:forloop.counter|concat:" "|concat:form.ip.label add_group_class="usa-form-group--unstyled-error margin-top-2" %}
{% input_with_errors form.ip %}
{% endwith %}
</div>
</div> </div>
</div> </div>
</div> {% endfor %}
{% endfor %}
<div class="margin-top-2"> <div class="margin-top-2">
<button <button
type="button" type="button"
class="usa-button usa-button--outline nameserver-cancel-add-form" class="usa-button usa-button--outline nameserver-cancel-add-form"
name="btn-cancel-click" name="btn-cancel-click"
aria-label="Reset the data in the name server form to the registry state (undo changes)" aria-label="Reset the data in the name server form to the registry state (undo changes)"
>Cancel >Cancel
</button> </button>
<button <button
type="submit" type="submit"
class="usa-button" class="usa-button"
>Save >Save
</button> </button>
</div> </div>
</form> </form>
</section> </section>
</div>
{% endif %} {% endif %}
@ -309,6 +310,22 @@
> >
{% include 'includes/modal.html' with modal_heading="Are you sure you want to continue?" modal_description="You have unsaved changes that will be lost." modal_button_id="unsaved-changes-click-button" modal_button_text="Continue without saving" cancel_button_text="Go back" %} {% include 'includes/modal.html' with modal_heading="Are you sure you want to continue?" modal_description="You have unsaved changes that will be lost." modal_button_id="unsaved-changes-click-button" modal_button_text="Continue without saving" cancel_button_text="Go back" %}
</div> </div>
<a
id="cancel_changes_trigger"
href="#cancel-changes-modal"
class="usa-button usa-button--outline margin-top-1 display-none"
aria-controls="cancel-changes-modal"
data-open-modal
>Trigger cancel changes modal</a>
<div
class="usa-modal"
id="cancel-changes-modal"
aria-labelledby="Are you sure you want to cancel your changes?"
aria-describedby="This action cannot be undone."
>
{% include 'includes/modal.html' with modal_heading="Are you sure you want to cancel your changes?" modal_description="This action cannot be undone." modal_button_id="cancel-changes-click-button" modal_button_text="Yes, cancel" cancel_button_text="Go back" %}
</div>
<a <a
id="delete_trigger" id="delete_trigger"

4
src/registrar/templates/domain_request_form.html
View file

@ -5,10 +5,10 @@
{% block content %} {% block content %}
<div class="grid-container grid-container--widescreen"> <div class="grid-container grid-container--widescreen">
<div class="grid-row grid-gap {% if not is_widescreen_centered %}max-width--grid-container{% endif %}"> <div class="grid-row grid-gap {% if not is_widescreen_centered %}max-width--grid-container{% endif %}">
<div class="tablet:grid-col-3"> <div class="tablet:grid-col-3 grid-col--sidenav">
{% include 'domain_request_sidebar.html' %} {% include 'domain_request_sidebar.html' %}
</div> </div>
<div class="tablet:grid-col-9"> <div class="tablet:grid-col">
<main id="main-content" class="grid-container register-form-step"> <main id="main-content" class="grid-container register-form-step">
<input type="hidden" class="display-none" id="wizard-domain-request-id" value="{{domain_request_id}}"/> <input type="hidden" class="display-none" id="wizard-domain-request-id" value="{{domain_request_id}}"/>
{% if steps.current == steps.first %} {% if steps.current == steps.first %}

45
src/registrar/templates/domain_request_requirements.html
View file

@ -4,7 +4,7 @@
{% block form_instructions %} {% block form_instructions %}
<p>Please read this page. Check the box at the bottom to show that you agree to the requirements for operating a .gov domain.</p> <p>Please read this page. Check the box at the bottom to show that you agree to the requirements for operating a .gov domain.</p>
<p>The .gov domain space exists to support a broad diversity of government missions. Generally, we dont review or audit how government organizations use their registered domains. However, misuse of a .gov domain can reflect upon the integrity of the entire .gov space. There are categories of misuse that are statutorily prohibited or abusive in nature.</p> <p>The .gov domain space exists to support a broad diversity of government missions. Generally, we dont review or audit how government organizations use their registered domains. However, misuse of a .gov domain can reflect upon the integrity of the entire .gov space. There are categories of misuse that are statutorily prohibited or abusive in nature.</p>
<h2>What you cant do with a .gov domain</h2> <h2>What you cant do with a .gov domain</h2>
@ -52,20 +52,41 @@
<p>.Gov domains are registered for a one-year period. To renew your domain, you'll be asked to verify your organizations eligibility and your contact information. </p> <p>.Gov domains are registered for a one-year period. To renew your domain, you'll be asked to verify your organizations eligibility and your contact information. </p>
<p>Though a domain may expire, it will not automatically be put on hold or deleted. Well make extensive efforts to contact your organization before holding or deleting a domain.</p> <p>Though a domain may expire, it will not automatically be put on hold or deleted. Well make extensive efforts to contact your organization before holding or deleting a domain.</p>
{% endblock %}
{% endblock %} {% block form_required_fields_help_text %}
{# commented out so it does not appear on this page #}
{% endblock %}
{% block form_fields %}
{% if requires_feb_questions %}
<h2>Required and prohibited activities</h2>
<h3>Prohibitions on non-governmental use</h3>
{% block form_required_fields_help_text %} <p>Agencies may not use a .gov domain name:
{# commented out so it does not appear on this page #} <ul class="usa-list">
{% endblock %} <li>On behalf of a non-federal executive branch entity</li>
<li>For a non-governmental purpose</li>
{% block form_fields %} </ul>
<fieldset class="usa-fieldset"> </p>
<legend>
<h2>Acknowledgement of .gov domain requirements</h2>
</legend>
<h3>Compliance with the 21st Century IDEA Act is required</h3>
<p>As required by the DOTGOV Act, agencies must ensure
that any website or digital service that uses a .gov
domain name is in compliance with the
<a href="https://digital.gov/resources/delivering-digital-first-public-experience-act/" target="_blank" rel="noopener noreferrer">21st Century Integrated Digital Experience Act</a>.
and
<a href="https://bidenwhitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf" target="_blank" rel="noopener noreferrer">Guidance for Agencies</a>.
</p>
<h2>Acknowledgement of .gov domain requirements</h2>
{% input_with_errors forms.0.is_policy_acknowledged %} {% input_with_errors forms.0.is_policy_acknowledged %}
{% else %}
<fieldset class="usa-fieldset">
<legend>
<h2>Acknowledgement of .gov domain requirements</h2>
</legend>
</fieldset> {% input_with_errors forms.0.is_policy_acknowledged %}
</fieldset>
{% endif %}
{% endblock %} {% endblock %}

2
src/registrar/templates/domain_security_email.html
View file

@ -40,7 +40,7 @@
<button <button
type="submit" type="submit"
class="usa-button" class="usa-button"
>{% if form.security_email.value is None or form.security_email.value == "dotgov@cisa.dhs.gov" or form.security_email.value == "registrar@dotgov.gov"%}Add security email{% else %}Save{% endif %}</button> >{% if form.security_email.value is None or form.security_email.value == "dotgov@cisa.dhs.gov" or form.security_email.value == "registrar@dotgov.gov" or form.security_email.value == "help@get.gov"%}Add security email{% else %}Save{% endif %}</button>
</form> </form>
{% endblock %} {# domain_content #} {% endblock %} {# domain_content #}

2
src/registrar/templates/emails/domain_manager_deleted_notification.txt
View file

@ -5,7 +5,7 @@ A domain manager was removed from {{ domain.name }}.
REMOVED BY: {{ removed_by.email }} REMOVED BY: {{ removed_by.email }}
REMOVED ON: {{ date }} REMOVED ON: {{ date }}
MANAGER REMOVED: {{ manager_removed.email }} MANAGER REMOVED: {{ manager_removed_email }}
---------------------------------------------------------------- ----------------------------------------------------------------

34
src/registrar/templates/emails/portfolio_org_update_notification.txt Normal file
View file

@ -0,0 +1,34 @@
{% autoescape off %}{# In a text file, we don't want to have HTML entities escaped #}
Hi,{% if requested_user and requested_user.first_name %} {{ requested_user.first_name }}.{% endif %}
An update was made to your .gov organization.
ORGANIZATION: {{ portfolio }}
UPDATED BY: {{ editor.email }}
UPDATED ON: {{ date }}
INFORMATION UPDATED: {{ updated_info }}
You can view this update in the .gov registrar <https://manage.get.gov>.
----------------------------------------------------------------
WHY DID YOU RECEIVE THIS EMAIL?
You're listed as an admin for {{ portfolio }}, so you'll receive a
notification whenever changes are made to that .gov organization.
If you have questions or concerns, reach out to the person who made the change or reply
to this email.
THANK YOU
.Gov helps the public identify official, trusted information. Thank you for using a .gov
domain.
----------------------------------------------------------------
The .gov team
Contact us: <https://get.gov/contact/>
Learn about .gov <https://get.gov>
The .gov registry is a part of the Cybersecurity and Infrastructure Security Agency
(CISA) <https://cisa.gov/>
{% endautoescape %}

1
src/registrar/templates/emails/portfolio_org_update_notification_subject.txt Normal file
View file

@ -0,0 +1 @@
An update was made to your .gov organization

2
src/registrar/templates/emails/transition_domain_invitation.txt
View file

@ -57,7 +57,7 @@ THANK YOU
The .gov team The .gov team
.Gov blog <https://get.gov/updates/> .Gov blog <https://get.gov/updates/>
Domain management <{{ manage_url }}}> Domain management <{{ manage_url }}>
Get.gov <https://get.gov> Get.gov <https://get.gov>
The .gov registry is a part of the Cybersecurity and Infrastructure Security Agency (CISA) <https://cisa.gov/> The .gov registry is a part of the Cybersecurity and Infrastructure Security Agency (CISA) <https://cisa.gov/>

2
src/registrar/templates/includes/finish_profile_form.html
View file

@ -62,7 +62,7 @@
{% with link_href=login_help_url %} {% with link_href=login_help_url %}
{% with sublabel_text="We recommend using a Login.gov account that's only connected to your work email address. If you need to change your email, you'll need to make a change to your Login.gov account. Get help with updating your email address." %} {% with sublabel_text="We recommend using a Login.gov account that's only connected to your work email address. If you need to change your email, you'll need to make a change to your Login.gov account. Get help with updating your email address." %}
{% with link_text="Get help with updating your email address" target_blank=True do_not_show_max_chars=True %} {% with link_text="Get help with updating your email address" target_blank=True %}
{% input_with_errors form.email %} {% input_with_errors form.email %}
{% endwith %} {% endwith %}
{% endwith %} {% endwith %}

33
src/registrar/templates/includes/input_with_errors.html
View file

@ -7,8 +7,10 @@ error messages, if necessary.
{% load widget_tweaks %} {% load widget_tweaks %}
{% if widget.attrs.maxlength %} {% if widget.attrs.maxlength or field.widget_type == 'textarea' %}
<div class="usa-character-count"> {% if not widget.attrs.hide_character_count %}
<div class="usa-character-count">
{% endif %}
{% endif %} {% endif %}
{% if field.use_fieldset %} {% if field.use_fieldset %}
@ -35,7 +37,7 @@ error messages, if necessary.
{% endif %} {% endif %}
{% if sublabel_text %} {% if sublabel_text %}
<p id="{{ widget.attrs.id }}__sublabel" class="text-base margin-top-2px margin-bottom-1"> <p id="{{ widget.attrs.id }}__sublabel" class="{% if use_small_sublabel_text %}font-body-xs {% endif %}text-base margin-top-2px margin-bottom-1">
{# If the link_text appears more than once, the first instance will be a link and the other instances will be ignored #} {# If the link_text appears more than once, the first instance will be a link and the other instances will be ignored #}
{% if link_text and link_text in sublabel_text %} {% if link_text and link_text in sublabel_text %}
{% with link_index=sublabel_text|find_index:link_text %} {% with link_index=sublabel_text|find_index:link_text %}
@ -52,11 +54,11 @@ error messages, if necessary.
{% if field.errors %} {% if field.errors %}
<div id="{{ widget.attrs.id }}__error-message"> <div id="{{ widget.attrs.id }}__error-message">
{% for error in field.errors %} {% for error in field.errors %}
<div class="usa-error-message display-flex" role="alert"> <div class="usa-error-message display-flex{% if inline_error_class %} {{ inline_error_class }}{% endif %}" role="alert">
<svg class="usa-icon usa-icon--large" focusable="true" role="img" aria-label="Error"> <svg class="usa-icon usa-icon--large" focusable="true" role="img" aria-label="Error">
<use xlink:href="{%static 'img/sprite.svg'%}#error"></use> <use xlink:href="{%static 'img/sprite.svg'%}#error"></use>
</svg> </svg>
<span class="margin-left-05">{{ error }}</span> <span class="margin-left-05 flex-1">{{ error }}</span>
</div> </div>
{% endfor %} {% endfor %}
</div> </div>
@ -92,14 +94,15 @@ error messages, if necessary.
</div> </div>
{% endif %} {% endif %}
{% if widget.attrs.maxlength and not do_not_show_max_chars %} {% if field.widget_type == 'textarea' or widget.attrs.maxlength %}
<span {% if not widget.attrs.hide_character_count %}
id="{{ widget.attrs.id }}__message" <span
class="usa-character-count__message" id="{{ widget.attrs.id }}__message"
aria-live="polite" class="usa-character-count__message"
> aria-live="polite"
You can enter up to {{ widget.attrs.maxlength }} characters >
</span> You can enter up to {{ widget.attrs.maxlength }} characters
</span>
</div> </div>
{% endif %}
{% endif %} {% endif %}

49
src/registrar/templates/includes/modal.html
View file

@ -58,18 +58,7 @@
{% endif %} {% endif %}
</li> </li>
<li class="usa-button-group__item"> <li class="usa-button-group__item">
{% comment %} The cancel button the DS form actually triggers a context change in the view, {% if not cancel_button_only %}
in addition to being a close modal hook {% endcomment %}
{% if cancel_button_resets_ds_form %}
<button
type="submit"
class="usa-button usa-button--unstyled padding-105 text-center"
id="btn-cancel-click-button"
data-close-modal
>
Cancel
</button>
{% elif not cancel_button_only %}
<button <button
type="button" type="button"
class="usa-button usa-button--unstyled padding-105 text-center" class="usa-button usa-button--unstyled padding-105 text-center"
@ -82,30 +71,14 @@
</ul> </ul>
</div> </div>
</div> </div>
{% comment %} The cancel button the DS form actually triggers a context change in the view, <button
in addition to being a close modal hook {% endcomment %} type="button"
{% if cancel_button_resets_ds_form %} class="usa-button usa-modal__close"
<button aria-label="Close this window"
type="submit" data-close-modal
class="usa-button usa-modal__close" >
aria-label="Close this window" <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
id="btn-cancel-click-close-button" <use xlink:href="{%static 'img/sprite.svg'%}#close"></use>
data-close-modal </svg>
> </button>
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
<use xlink:href="{%static 'img/sprite.svg'%}#close"></use>
</svg>
</button>
{% else %}
<button
type="button"
class="usa-button usa-modal__close"
aria-label="Close this window"
data-close-modal
>
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
<use xlink:href="{%static 'img/sprite.svg'%}#close"></use>
</svg>
</button>
{% endif %}
</div> </div>

2
src/registrar/templates/includes/profile_form.html
View file

@ -36,7 +36,7 @@
{% with sublabel_text="We recommend using a Login.gov account that's only connected to your work email address. If you need to change your email, you'll need to make a change to your Login.gov account. Get help with updating your email address." %} {% with sublabel_text="We recommend using a Login.gov account that's only connected to your work email address. If you need to change your email, you'll need to make a change to your Login.gov account. Get help with updating your email address." %}
{% with link_text="Get help with updating your email address" %} {% with link_text="Get help with updating your email address" %}
{% with target_blank=True %} {% with target_blank=True %}
{% with do_not_show_max_chars=True %} {% with hide_character_count=True %}
{% input_with_errors form.email %} {% input_with_errors form.email %}
{% endwith %} {% endwith %}
{% endwith %} {% endwith %}

60
src/registrar/templates/portfolio_domain_request_additional_details.html
View file

@ -6,16 +6,60 @@
{% endblock %} {% endblock %}
{% block form_fields %} {% block form_fields %}
{% if requires_feb_questions %}
{{forms.2.management_form}}
{{forms.3.management_form}}
{{forms.4.management_form}}
{{forms.5.management_form}}
<fieldset class="usa-fieldset">
<h2 class="margin-top-0 margin-bottom-0">Are you working with someone in the Executive Office of the President (EOP) on this request?</h2>
<p class="margin-bottom-0 margin-top-1">
<em>Select one. <abbr class="usa-hint usa-hint--required" title="required">*</abbr></em>
</p>
{% with add_class="usa-radio__input--tile" add_legend_class="usa-sr-only" %}
{% input_with_errors forms.0.working_with_eop %}
{% endwith %}
<fieldset class="usa-fieldset"> <div id="eop-contact-container" class="conditional-panel display-none">
<p class="margin-bottom-0 margin-top-1">
Provide the name and email of the person you're working with.<span class="usa-label--required">*</span>
</p>
{% with add_class="usa-radio__input--tile" add_legend_class="usa-sr-only" %}
{% input_with_errors forms.1.first_name %}
{% input_with_errors forms.1.last_name %}
{% input_with_errors forms.1.email %}
{% endwith %}
</div>
<h2 class="margin-top-0 margin-bottom-0">Is there anything else you'd like us to know about your domain request?</h2>
<p class="margin-bottom-0 margin-top-1">
<em>Select one. <abbr class="usa-hint usa-hint--required" title="required">*</abbr></em>
</p>
{% with add_class="usa-radio__input--tile" add_legend_class="usa-sr-only" %}
{% input_with_errors forms.2.has_anything_else_text %}
{% endwith %}
<div id="anything-else-details-container" class="conditional-panel display-none">
<p class="usa-label">
<em>Provide details below <span class="usa-label--required">*</span></em>
</p>
{% with add_label_class="usa-sr-only" attr_required="required" attr_maxlength="2000" %}
{% input_with_errors forms.3.anything_else %}
{% endwith %}
</div>
</fieldset>
{% else %}
<fieldset class="usa-fieldset">
<h2 class="margin-top-0 margin-bottom-0">Is there anything else youd like us to know about your domain request?</h2> <h2 class="margin-top-0 margin-bottom-0">Is there anything else youd like us to know about your domain request?</h2>
</legend> </legend>
</fieldset> </fieldset>
<div id="anything-else"> <div id="anything-else">
<p><em>This question is optional.</em></p> <p><em>This question is optional.</em></p>
{% with attr_maxlength=2000 add_label_class="usa-sr-only" %} {% with attr_maxlength=2000 add_label_class="usa-sr-only" %}
{% input_with_errors forms.0.anything_else %} {% input_with_errors forms.0.anything_else %}
{% endwith %} {% endwith %}
</div> </div>
{% endif %}
{% endblock %} {% endblock %}

4
src/registrar/templatetags/field_helpers.py
View file

@ -114,7 +114,7 @@ def input_with_errors(context, field=None): # noqa: C901
# do some work for various edge cases # do some work for various edge cases
if "maxlength" in attrs: if "maxlength" in attrs and "hide_character_count" not in attrs:
# associate the field programmatically with its hint text # associate the field programmatically with its hint text
described_by.append(f"{attrs['id']}__message") described_by.append(f"{attrs['id']}__message")
@ -175,7 +175,7 @@ def input_with_errors(context, field=None): # noqa: C901
# Conditionally add the data-initial-value attribute # Conditionally add the data-initial-value attribute
if context.get("add_initial_value_attr", False): if context.get("add_initial_value_attr", False):
attrs["data-initial-value"] = field.initial or "" attrs["data-initial-value"] = field.initial if field.initial is not None else ""
# ask Django to give us the widget dict # ask Django to give us the widget dict
# see Widget.get_context() on # see Widget.get_context() on

48
src/registrar/tests/common.py
View file

@ -1010,6 +1010,27 @@ def create_user(**kwargs):
return user return user
def create_omb_analyst_user(**kwargs):
"""Creates a analyst user with is_staff=True and the group cisa_analysts_group"""
User = get_user_model()
p = "userpass"
user = User.objects.create_user(
username=kwargs.get("username", "ombanalystuser"),
email=kwargs.get("email", "ombanalyst@example.com"),
first_name=kwargs.get("first_name", "first"),
last_name=kwargs.get("last_name", "last"),
is_staff=kwargs.get("is_staff", True),
title=kwargs.get("title", "title"),
password=kwargs.get("password", p),
phone=kwargs.get("phone", "8003111234"),
)
# Retrieve the group or create it if it doesn't exist
group, _ = UserGroup.objects.get_or_create(name="omb_analysts_group")
# Add the user to the group
user.groups.set([group])
return user
def create_test_user(): def create_test_user():
username = "test_user" username = "test_user"
first_name = "First" first_name = "First"
@ -1423,10 +1444,8 @@ class MockEppLib(TestCase):
], ],
) )
mockDefaultTechnicalContact = InfoDomainWithContacts.dummyInfoContactResultData( mockDefaultTechnicalContact = InfoDomainWithContacts.dummyInfoContactResultData("defaultTech", "help@get.gov")
"defaultTech", "dotgov@cisa.dhs.gov" mockDefaultSecurityContact = InfoDomainWithContacts.dummyInfoContactResultData("defaultSec", "help@get.gov")
)
mockDefaultSecurityContact = InfoDomainWithContacts.dummyInfoContactResultData("defaultSec", "dotgov@cisa.dhs.gov")
mockSecurityContact = InfoDomainWithContacts.dummyInfoContactResultData("securityContact", "security@mail.gov") mockSecurityContact = InfoDomainWithContacts.dummyInfoContactResultData("securityContact", "security@mail.gov")
mockTechnicalContact = InfoDomainWithContacts.dummyInfoContactResultData("technicalContact", "tech@mail.gov") mockTechnicalContact = InfoDomainWithContacts.dummyInfoContactResultData("technicalContact", "tech@mail.gov")
mockAdministrativeContact = InfoDomainWithContacts.dummyInfoContactResultData("adminContact", "admin@mail.gov") mockAdministrativeContact = InfoDomainWithContacts.dummyInfoContactResultData("adminContact", "admin@mail.gov")
@ -1941,14 +1960,23 @@ class MockEppLib(TestCase):
self.mockedSendFunction = self.mockSendPatch.start() self.mockedSendFunction = self.mockSendPatch.start()
self.mockedSendFunction.side_effect = self.mockSend self.mockedSendFunction.side_effect = self.mockSend
def _convertPublicContactToEpp(self, contact: PublicContact, disclose_email=False, createContact=True): def _convertPublicContactToEpp(
self,
contact: PublicContact,
disclose=False,
createContact=True,
disclose_fields=None,
disclose_types=None,
):
DF = common.DiscloseField DF = common.DiscloseField
fields = {DF.EMAIL} if disclose_fields is None:
fields = {DF.NOTIFY_EMAIL, DF.VAT, DF.IDENT, DF.EMAIL}
disclose_fields = {field for field in DF} - fields
di = common.Disclose( if disclose_types is None:
flag=disclose_email, disclose_types = {DF.ADDR: "loc", DF.NAME: "loc"}
fields=fields,
) di = common.Disclose(flag=disclose, fields=disclose_fields, types=disclose_types)
# check docs here looks like we may have more than one address field but # check docs here looks like we may have more than one address field but
addr = common.ContactAddr( addr = common.ContactAddr(

625
src/registrar/tests/test_admin.py
View file

@ -3,6 +3,7 @@ from django.utils import timezone
from django.test import TestCase, RequestFactory, Client from django.test import TestCase, RequestFactory, Client
from django.contrib.admin.sites import AdminSite from django.contrib.admin.sites import AdminSite
from registrar import models from registrar import models
from registrar.utility.constants import BranchChoices
from registrar.utility.email import EmailSendingError from registrar.utility.email import EmailSendingError
from registrar.utility.errors import MissingEmailError from registrar.utility.errors import MissingEmailError
from waffle.testutils import override_flag from waffle.testutils import override_flag
@ -57,6 +58,7 @@ from .common import (
MockDbForSharedTests, MockDbForSharedTests,
AuditedAdminMockData, AuditedAdminMockData,
completed_domain_request, completed_domain_request,
create_omb_analyst_user,
create_test_user, create_test_user,
generic_domain_object, generic_domain_object,
less_console_noise, less_console_noise,
@ -136,18 +138,25 @@ class TestDomainInvitationAdmin(WebTest):
csrf_checks = False csrf_checks = False
@classmethod @classmethod
def setUpClass(self): def setUpClass(cls):
super().setUpClass() super().setUpClass()
self.site = AdminSite() cls.site = AdminSite()
self.factory = RequestFactory() cls.factory = RequestFactory()
self.superuser = create_superuser()
def setUp(self): def setUp(self):
super().setUp() super().setUp()
self.superuser = create_superuser()
self.cisa_analyst = create_user()
self.omb_analyst = create_omb_analyst_user()
self.admin = ListHeaderAdmin(model=DomainInvitationAdmin, admin_site=AdminSite()) self.admin = ListHeaderAdmin(model=DomainInvitationAdmin, admin_site=AdminSite())
self.domain = Domain.objects.create(name="example.com") self.domain = Domain.objects.create(name="example.com")
self.fed_agency = FederalAgency.objects.create(
agency="New FedExec Agency", federal_type=BranchChoices.EXECUTIVE
)
self.portfolio = Portfolio.objects.create(organization_name="new portfolio", creator=self.superuser) self.portfolio = Portfolio.objects.create(organization_name="new portfolio", creator=self.superuser)
DomainInformation.objects.create(domain=self.domain, portfolio=self.portfolio, creator=self.superuser) self.domain_info = DomainInformation.objects.create(
domain=self.domain, portfolio=self.portfolio, creator=self.superuser
)
"""Create a client object""" """Create a client object"""
self.client = Client(HTTP_HOST="localhost:8080") self.client = Client(HTTP_HOST="localhost:8080")
self.client.force_login(self.superuser) self.client.force_login(self.superuser)
@ -159,10 +168,124 @@ class TestDomainInvitationAdmin(WebTest):
DomainInvitation.objects.all().delete() DomainInvitation.objects.all().delete()
DomainInformation.objects.all().delete() DomainInformation.objects.all().delete()
Portfolio.objects.all().delete() Portfolio.objects.all().delete()
self.fed_agency.delete()
Domain.objects.all().delete() Domain.objects.all().delete()
Contact.objects.all().delete() Contact.objects.all().delete()
User.objects.all().delete() User.objects.all().delete()
@less_console_noise_decorator
def test_analyst_view(self):
"""Ensure regular analysts can view domain invitations."""
invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
self.client.force_login(self.cisa_analyst)
response = self.client.get(reverse("admin:registrar_domaininvitation_changelist"))
self.assertEqual(response.status_code, 200)
self.assertContains(response, invitation.email)
@less_console_noise_decorator
def test_omb_analyst_view_non_feb_domain(self):
"""Ensure OMB analysts cannot view non-federal domains."""
invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_domaininvitation_changelist"))
self.assertNotContains(response, invitation.email)
@less_console_noise_decorator
def test_omb_analyst_view_feb_domain(self):
"""Ensure OMB analysts can view federal executive branch domains."""
invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
self.portfolio.organization_type = DomainRequest.OrganizationChoices.FEDERAL
self.portfolio.federal_agency = self.fed_agency
self.portfolio.save()
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_domaininvitation_changelist"))
self.assertContains(response, invitation.email)
@less_console_noise_decorator
def test_superuser_view(self):
"""Ensure superusers can view domain invitations."""
invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
response = self.client.get(reverse("admin:registrar_domaininvitation_changelist"))
self.assertEqual(response.status_code, 200)
self.assertContains(response, invitation.email)
@less_console_noise_decorator
def test_analyst_change(self):
"""Ensure regular analysts can view domain invitations but not update."""
invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
self.client.force_login(self.cisa_analyst)
response = self.client.get(reverse("admin:registrar_domaininvitation_change", args=[invitation.id]))
self.assertEqual(response.status_code, 200)
self.assertContains(response, invitation.email)
# test whether fields are readonly or editable
self.assertNotContains(response, "id_domain")
self.assertNotContains(response, "id_email")
self.assertContains(response, "closelink")
self.assertNotContains(response, "Save")
self.assertNotContains(response, "Delete")
@less_console_noise_decorator
def test_omb_analyst_change_non_feb_domain(self):
"""Ensure OMB analysts cannot change non-federal domains."""
invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_domaininvitation_change", args=[invitation.id]))
self.assertEqual(response.status_code, 302)
@less_console_noise_decorator
def test_omb_analyst_change_feb_domain(self):
"""Ensure OMB analysts can view federal executive branch domains."""
invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
# update domain
self.portfolio.organization_type = DomainRequest.OrganizationChoices.FEDERAL
self.portfolio.federal_agency = self.fed_agency
self.portfolio.save()
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_domaininvitation_change", args=[invitation.id]))
self.assertEqual(response.status_code, 200)
self.assertContains(response, invitation.email)
# test whether fields are readonly or editable
self.assertNotContains(response, "id_domain")
self.assertNotContains(response, "id_email")
self.assertContains(response, "closelink")
self.assertNotContains(response, "Save")
self.assertNotContains(response, "Delete")
@less_console_noise_decorator
def test_superuser_change(self):
"""Ensure superusers can change domain invitations."""
invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
response = self.client.get(reverse("admin:registrar_domaininvitation_change", args=[invitation.id]))
self.assertEqual(response.status_code, 200)
self.assertContains(response, invitation.email)
# test whether fields are readonly or editable
self.assertContains(response, "id_domain")
self.assertContains(response, "id_email")
self.assertNotContains(response, "closelink")
self.assertContains(response, "Save")
self.assertContains(response, "Delete")
@less_console_noise_decorator
def test_omb_analyst_filter_feb_domain(self):
"""Ensure OMB analysts can apply filters and only federal executive branch domains show."""
# create invitation on domain that is not FEB
invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
self.client.force_login(self.omb_analyst)
response = self.client.get(
reverse("admin:registrar_domaininvitation_changelist"),
{"status": DomainInvitation.DomainInvitationStatus.INVITED},
)
self.assertNotContains(response, invitation.email)
# update domain
self.portfolio.organization_type = DomainRequest.OrganizationChoices.FEDERAL
self.portfolio.federal_agency = self.fed_agency
self.portfolio.save()
response = self.client.get(
reverse("admin:registrar_domaininvitation_changelist"),
{"status": DomainInvitation.DomainInvitationStatus.INVITED},
)
self.assertContains(response, invitation.email)
@less_console_noise_decorator @less_console_noise_decorator
def test_has_model_description(self): def test_has_model_description(self):
"""Tests if this model has a model description on the table view""" """Tests if this model has a model description on the table view"""
@ -1139,6 +1262,7 @@ class TestUserPortfolioPermissionAdmin(TestCase):
self.client = Client(HTTP_HOST="localhost:8080") self.client = Client(HTTP_HOST="localhost:8080")
self.superuser = create_superuser() self.superuser = create_superuser()
self.testuser = create_test_user() self.testuser = create_test_user()
self.omb_analyst = create_omb_analyst_user()
self.portfolio = Portfolio.objects.create(organization_name="Test Portfolio", creator=self.superuser) self.portfolio = Portfolio.objects.create(organization_name="Test Portfolio", creator=self.superuser)
def tearDown(self): def tearDown(self):
@ -1148,6 +1272,26 @@ class TestUserPortfolioPermissionAdmin(TestCase):
User.objects.all().delete() User.objects.all().delete()
UserPortfolioPermission.objects.all().delete() UserPortfolioPermission.objects.all().delete()
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts cannot view user portfolio permissions list."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_userportfoliopermission_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator
def test_omb_analyst_change(self):
"""Ensure OMB analysts cannot change user portfolio permission."""
self.client.force_login(self.omb_analyst)
user_portfolio_permission, _ = UserPortfolioPermission.objects.get_or_create(
user=self.superuser, portfolio=self.portfolio, roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
)
response = self.client.get(
"/admin/registrar/userportfoliopermission/{}/change/".format(user_portfolio_permission.pk),
follow=True,
)
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator @less_console_noise_decorator
def test_has_change_form_description(self): def test_has_change_form_description(self):
"""Tests if this model has a model description on the change form view""" """Tests if this model has a model description on the change form view"""
@ -1204,6 +1348,7 @@ class TestPortfolioInvitationAdmin(TestCase):
def setUp(self): def setUp(self):
"""Create a client object""" """Create a client object"""
self.client = Client(HTTP_HOST="localhost:8080") self.client = Client(HTTP_HOST="localhost:8080")
self.omb_analyst = create_omb_analyst_user()
self.portfolio = Portfolio.objects.create(organization_name="Test Portfolio", creator=self.superuser) self.portfolio = Portfolio.objects.create(organization_name="Test Portfolio", creator=self.superuser)
def tearDown(self): def tearDown(self):
@ -1217,6 +1362,26 @@ class TestPortfolioInvitationAdmin(TestCase):
def tearDownClass(self): def tearDownClass(self):
User.objects.all().delete() User.objects.all().delete()
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts cannot view portfolio invitations list."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_portfolioinvitation_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator
def test_omb_analyst_change(self):
"""Ensure OMB analysts cannot change portfolio invitation."""
self.client.force_login(self.omb_analyst)
invitation, _ = PortfolioInvitation.objects.get_or_create(
email=self.superuser.email, portfolio=self.portfolio, roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
)
response = self.client.get(
"/admin/registrar/portfolioinvitation/{}/change/".format(invitation.pk),
follow=True,
)
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator @less_console_noise_decorator
def test_has_model_description(self): def test_has_model_description(self):
"""Tests if this model has a model description on the table view""" """Tests if this model has a model description on the table view"""
@ -1791,6 +1956,8 @@ class TestHostAdmin(TestCase):
cls.factory = RequestFactory() cls.factory = RequestFactory()
cls.admin = MyHostAdmin(model=Host, admin_site=cls.site) cls.admin = MyHostAdmin(model=Host, admin_site=cls.site)
cls.superuser = create_superuser() cls.superuser = create_superuser()
cls.staffuser = create_user()
cls.omb_analyst = create_omb_analyst_user()
def setUp(self): def setUp(self):
"""Setup environment for a mock admin user""" """Setup environment for a mock admin user"""
@ -1806,6 +1973,20 @@ class TestHostAdmin(TestCase):
def tearDownClass(cls): def tearDownClass(cls):
User.objects.all().delete() User.objects.all().delete()
@less_console_noise_decorator
def test_analyst_view(self):
"""Ensure analysts cannot view hosts list."""
self.client.force_login(self.staffuser)
response = self.client.get(reverse("admin:registrar_host_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts cannot view hosts list."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_host_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator @less_console_noise_decorator
def test_has_model_description(self): def test_has_model_description(self):
"""Tests if this model has a model description on the table view""" """Tests if this model has a model description on the table view"""
@ -1870,6 +2051,7 @@ class TestDomainInformationAdmin(TestCase):
cls.admin = DomainInformationAdmin(model=DomainInformation, admin_site=cls.site) cls.admin = DomainInformationAdmin(model=DomainInformation, admin_site=cls.site)
cls.superuser = create_superuser() cls.superuser = create_superuser()
cls.staffuser = create_user() cls.staffuser = create_user()
cls.omb_analyst = create_omb_analyst_user()
cls.mock_data_generator = AuditedAdminMockData() cls.mock_data_generator = AuditedAdminMockData()
cls.test_helper = GenericTestHelper( cls.test_helper = GenericTestHelper(
factory=cls.factory, factory=cls.factory,
@ -1881,12 +2063,24 @@ class TestDomainInformationAdmin(TestCase):
def setUp(self): def setUp(self):
self.client = Client(HTTP_HOST="localhost:8080") self.client = Client(HTTP_HOST="localhost:8080")
self.nonfeddomain = Domain.objects.create(name="nonfeddomain.com")
self.feddomain = Domain.objects.create(name="feddomain.com")
self.fed_agency = FederalAgency.objects.create(
agency="New FedExec Agency", federal_type=BranchChoices.EXECUTIVE
)
self.portfolio = Portfolio.objects.create(organization_name="new portfolio", creator=self.superuser)
self.domain_info = DomainInformation.objects.create(
domain=self.feddomain, portfolio=self.portfolio, creator=self.superuser
)
def tearDown(self): def tearDown(self):
"""Delete all Users, Domains, and UserDomainRoles""" """Delete all Users, Domains, and UserDomainRoles"""
DomainInformation.objects.all().delete() DomainInformation.objects.all().delete()
DomainRequest.objects.all().delete() DomainRequest.objects.all().delete()
Domain.objects.all().delete() Domain.objects.all().delete()
DomainInformation.objects.all().delete()
Portfolio.objects.all().delete()
self.fed_agency.delete()
Contact.objects.all().delete() Contact.objects.all().delete()
@classmethod @classmethod
@ -1894,6 +2088,56 @@ class TestDomainInformationAdmin(TestCase):
User.objects.all().delete() User.objects.all().delete()
SeniorOfficial.objects.all().delete() SeniorOfficial.objects.all().delete()
@less_console_noise_decorator
def test_analyst_view(self):
"""Ensure regular analysts cannot view domain information list."""
self.client.force_login(self.staffuser)
response = self.client.get(reverse("admin:registrar_domaininformation_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts cannot view domain information list."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_domaininformation_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator
def test_superuser_view(self):
"""Ensure superusers can view domain information list."""
self.client.force_login(self.superuser)
response = self.client.get(reverse("admin:registrar_domaininformation_changelist"))
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.feddomain.name)
@less_console_noise_decorator
def test_analyst_change(self):
"""Ensure regular analysts cannot view/edit domain information directly."""
self.client.force_login(self.staffuser)
response = self.client.get(
reverse("admin:registrar_domaininformation_change", args=[self.feddomain.domain_info.id])
)
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator
def test_omb_analyst_change(self):
"""Ensure OMB analysts cannot view/edit domain information directly."""
self.client.force_login(self.omb_analyst)
response = self.client.get(
reverse("admin:registrar_domaininformation_change", args=[self.feddomain.domain_info.id])
)
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator
def test_superuser_change(self):
"""Ensure superusers can view/change domain information directly."""
self.client.force_login(self.superuser)
response = self.client.get(
reverse("admin:registrar_domaininformation_change", args=[self.feddomain.domain_info.id])
)
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.feddomain.name)
@less_console_noise_decorator @less_console_noise_decorator
def test_domain_information_senior_official_is_alphabetically_sorted(self): def test_domain_information_senior_official_is_alphabetically_sorted(self):
"""Tests if the senior offical dropdown is alphanetically sorted in the django admin display""" """Tests if the senior offical dropdown is alphanetically sorted in the django admin display"""
@ -2258,6 +2502,8 @@ class TestUserDomainRoleAdmin(WebTest):
cls.factory = RequestFactory() cls.factory = RequestFactory()
cls.admin = UserDomainRoleAdmin(model=UserDomainRole, admin_site=cls.site) cls.admin = UserDomainRoleAdmin(model=UserDomainRole, admin_site=cls.site)
cls.superuser = create_superuser() cls.superuser = create_superuser()
cls.staffuser = create_user()
cls.omb_analyst = create_omb_analyst_user()
cls.test_helper = GenericTestHelper( cls.test_helper = GenericTestHelper(
factory=cls.factory, factory=cls.factory,
user=cls.superuser, user=cls.superuser,
@ -2285,6 +2531,31 @@ class TestUserDomainRoleAdmin(WebTest):
super().tearDownClass() super().tearDownClass()
User.objects.all().delete() User.objects.all().delete()
@less_console_noise_decorator
def test_analyst_view(self):
"""Ensure analysts cannot view user domain roles list."""
self.client.force_login(self.staffuser)
response = self.client.get(reverse("admin:registrar_userdomainrole_changelist"))
self.assertEqual(response.status_code, 200)
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts cannot view user domain roles list."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_userdomainrole_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator
def test_omb_analyst_change(self):
"""Ensure OMB analysts cannot view/edit user domain roles list."""
domain, _ = Domain.objects.get_or_create(name="anyrandomdomain.com")
user_domain_role, _ = UserDomainRole.objects.get_or_create(
user=self.superuser, domain=domain, role=[UserDomainRole.Roles.MANAGER]
)
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_userdomainrole_change", args=[user_domain_role.id]))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator @less_console_noise_decorator
def test_has_model_description(self): def test_has_model_description(self):
"""Tests if this model has a model description on the table view""" """Tests if this model has a model description on the table view"""
@ -2580,6 +2851,7 @@ class TestMyUserAdmin(MockDbForSharedTests, WebTest):
cls.admin = MyUserAdmin(model=get_user_model(), admin_site=admin_site) cls.admin = MyUserAdmin(model=get_user_model(), admin_site=admin_site)
cls.superuser = create_superuser() cls.superuser = create_superuser()
cls.staffuser = create_user() cls.staffuser = create_user()
cls.omb_analyst = create_omb_analyst_user()
cls.test_helper = GenericTestHelper(admin=cls.admin) cls.test_helper = GenericTestHelper(admin=cls.admin)
def setUp(self): def setUp(self):
@ -2596,6 +2868,13 @@ class TestMyUserAdmin(MockDbForSharedTests, WebTest):
super().tearDownClass() super().tearDownClass()
User.objects.all().delete() User.objects.all().delete()
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts cannot view users list."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_user_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator @less_console_noise_decorator
def test_has_model_description(self): def test_has_model_description(self):
"""Tests if this model has a model description on the table view""" """Tests if this model has a model description on the table view"""
@ -3221,6 +3500,7 @@ class TestContactAdmin(TestCase):
cls.admin = ContactAdmin(model=Contact, admin_site=None) cls.admin = ContactAdmin(model=Contact, admin_site=None)
cls.superuser = create_superuser() cls.superuser = create_superuser()
cls.staffuser = create_user() cls.staffuser = create_user()
cls.omb_analyst = create_omb_analyst_user()
def setUp(self): def setUp(self):
super().setUp() super().setUp()
@ -3236,6 +3516,13 @@ class TestContactAdmin(TestCase):
super().tearDownClass() super().tearDownClass()
User.objects.all().delete() User.objects.all().delete()
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts cannot view contact list."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_contact_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator @less_console_noise_decorator
def test_has_model_description(self): def test_has_model_description(self):
"""Tests if this model has a model description on the table view""" """Tests if this model has a model description on the table view"""
@ -3282,6 +3569,7 @@ class TestVerifiedByStaffAdmin(TestCase):
super().setUpClass() super().setUpClass()
cls.site = AdminSite() cls.site = AdminSite()
cls.superuser = create_superuser() cls.superuser = create_superuser()
cls.omb_analyst = create_omb_analyst_user()
cls.admin = VerifiedByStaffAdmin(model=VerifiedByStaff, admin_site=cls.site) cls.admin = VerifiedByStaffAdmin(model=VerifiedByStaff, admin_site=cls.site)
cls.factory = RequestFactory() cls.factory = RequestFactory()
cls.test_helper = GenericTestHelper(admin=cls.admin) cls.test_helper = GenericTestHelper(admin=cls.admin)
@ -3299,18 +3587,20 @@ class TestVerifiedByStaffAdmin(TestCase):
super().tearDownClass() super().tearDownClass()
User.objects.all().delete() User.objects.all().delete()
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts cannot view verified by staff list."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_verifiedbystaff_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator @less_console_noise_decorator
def test_has_model_description(self): def test_has_model_description(self):
"""Tests if this model has a model description on the table view""" """Tests if this model has a model description on the table view"""
self.client.force_login(self.superuser) self.client.force_login(self.superuser)
response = self.client.get( response = self.client.get(reverse("admin:registrar_verifiedbystaff_changelist"))
"/admin/registrar/verifiedbystaff/",
follow=True,
)
# Make sure that the page is loaded correctly # Make sure that the page is loaded correctly
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
# Test for a description snippet # Test for a description snippet
self.assertContains( self.assertContains(
response, "This table contains users who have been allowed to bypass " "identity proofing through Login.gov" response, "This table contains users who have been allowed to bypass " "identity proofing through Login.gov"
@ -3365,6 +3655,7 @@ class TestWebsiteAdmin(TestCase):
super().setUp() super().setUp()
self.site = AdminSite() self.site = AdminSite()
self.superuser = create_superuser() self.superuser = create_superuser()
self.omb_analyst = create_omb_analyst_user()
self.admin = WebsiteAdmin(model=Website, admin_site=self.site) self.admin = WebsiteAdmin(model=Website, admin_site=self.site)
self.factory = RequestFactory() self.factory = RequestFactory()
self.client = Client(HTTP_HOST="localhost:8080") self.client = Client(HTTP_HOST="localhost:8080")
@ -3375,15 +3666,18 @@ class TestWebsiteAdmin(TestCase):
Website.objects.all().delete() Website.objects.all().delete()
User.objects.all().delete() User.objects.all().delete()
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts cannot view website list."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_website_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator @less_console_noise_decorator
def test_has_model_description(self): def test_has_model_description(self):
"""Tests if this model has a model description on the table view""" """Tests if this model has a model description on the table view"""
self.client.force_login(self.superuser) self.client.force_login(self.superuser)
response = self.client.get( response = self.client.get(reverse("admin:registrar_website_changelist"))
"/admin/registrar/website/",
follow=True,
)
# Make sure that the page is loaded correctly # Make sure that the page is loaded correctly
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
@ -3392,13 +3686,14 @@ class TestWebsiteAdmin(TestCase):
self.assertContains(response, "Show more") self.assertContains(response, "Show more")
class TestDraftDomain(TestCase): class TestDraftDomainAdmin(TestCase):
@classmethod @classmethod
def setUpClass(cls): def setUpClass(cls):
super().setUpClass() super().setUpClass()
cls.site = AdminSite() cls.site = AdminSite()
cls.superuser = create_superuser() cls.superuser = create_superuser()
cls.omb_analyst = create_omb_analyst_user()
cls.admin = DraftDomainAdmin(model=DraftDomain, admin_site=cls.site) cls.admin = DraftDomainAdmin(model=DraftDomain, admin_site=cls.site)
cls.factory = RequestFactory() cls.factory = RequestFactory()
cls.test_helper = GenericTestHelper(admin=cls.admin) cls.test_helper = GenericTestHelper(admin=cls.admin)
@ -3416,15 +3711,18 @@ class TestDraftDomain(TestCase):
super().tearDownClass() super().tearDownClass()
User.objects.all().delete() User.objects.all().delete()
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts cannot view draft domain list."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_draftdomain_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator @less_console_noise_decorator
def test_has_model_description(self): def test_has_model_description(self):
"""Tests if this model has a model description on the table view""" """Tests if this model has a model description on the table view"""
self.client.force_login(self.superuser) self.client.force_login(self.superuser)
response = self.client.get( response = self.client.get(reverse("admin:registrar_draftdomain_changelist"))
"/admin/registrar/draftdomain/",
follow=True,
)
# Make sure that the page is loaded correctly # Make sure that the page is loaded correctly
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
@ -3435,13 +3733,21 @@ class TestDraftDomain(TestCase):
self.assertContains(response, "Show more") self.assertContains(response, "Show more")
class TestFederalAgency(TestCase): class TestFederalAgencyAdmin(TestCase):
@classmethod @classmethod
def setUpClass(cls): def setUpClass(cls):
super().setUpClass() super().setUpClass()
cls.site = AdminSite() cls.site = AdminSite()
cls.superuser = create_superuser() cls.superuser = create_superuser()
cls.staffuser = create_user()
cls.omb_analyst = create_omb_analyst_user()
cls.non_feb_agency = FederalAgency.objects.create(
agency="Fake judicial agency", federal_type=BranchChoices.JUDICIAL
)
cls.feb_agency = FederalAgency.objects.create(
agency="Fake executive agency", federal_type=BranchChoices.EXECUTIVE
)
cls.admin = FederalAgencyAdmin(model=FederalAgency, admin_site=cls.site) cls.admin = FederalAgencyAdmin(model=FederalAgency, admin_site=cls.site)
cls.factory = RequestFactory() cls.factory = RequestFactory()
cls.test_helper = GenericTestHelper(admin=cls.admin) cls.test_helper = GenericTestHelper(admin=cls.admin)
@ -3454,6 +3760,100 @@ class TestFederalAgency(TestCase):
super().tearDownClass() super().tearDownClass()
User.objects.all().delete() User.objects.all().delete()
@less_console_noise_decorator
def test_analyst_view(self):
"""Ensure regular analysts can view federal agencies."""
self.client.force_login(self.staffuser)
response = self.client.get(reverse("admin:registrar_federalagency_changelist"))
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.non_feb_agency.agency)
self.assertContains(response, self.feb_agency.agency)
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts can view FEB agencies but not other branches."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_federalagency_changelist"))
self.assertEqual(response.status_code, 200)
self.assertNotContains(response, self.non_feb_agency.agency)
self.assertContains(response, self.feb_agency.agency)
@less_console_noise_decorator
def test_superuser_view(self):
"""Ensure superusers can view domain invitations."""
self.client.force_login(self.superuser)
response = self.client.get(reverse("admin:registrar_federalagency_changelist"))
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.non_feb_agency.agency)
self.assertContains(response, self.feb_agency.agency)
@less_console_noise_decorator
def test_analyst_change(self):
"""Ensure regular analysts can view/edit federal agencies list."""
self.client.force_login(self.staffuser)
response = self.client.get(reverse("admin:registrar_federalagency_change", args=[self.non_feb_agency.id]))
self.assertEqual(response.status_code, 200)
response = self.client.get(reverse("admin:registrar_federalagency_change", args=[self.feb_agency.id]))
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.feb_agency.agency)
# test whether fields are readonly or editable
self.assertContains(response, "id_agency")
self.assertContains(response, "id_federal_type")
self.assertContains(response, "id_acronym")
self.assertContains(response, "id_is_fceb")
self.assertNotContains(response, "closelink")
self.assertContains(response, "Save")
self.assertContains(response, "Delete")
@less_console_noise_decorator
def test_omb_analyst_change(self):
"""Ensure OMB analysts can change FEB agencies but not others."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_federalagency_change", args=[self.non_feb_agency.id]))
self.assertEqual(response.status_code, 302)
response = self.client.get(reverse("admin:registrar_federalagency_change", args=[self.feb_agency.id]))
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.feb_agency.agency)
# test whether fields are readonly or editable
self.assertNotContains(response, "id_agency")
self.assertNotContains(response, "id_federal_type")
self.assertNotContains(response, "id_acronym")
self.assertNotContains(response, "id_is_fceb")
self.assertContains(response, "closelink")
self.assertNotContains(response, "Save")
self.assertNotContains(response, "Delete")
@less_console_noise_decorator
def test_superuser_change(self):
"""Ensure superusers can change all federal agencies."""
self.client.force_login(self.superuser)
response = self.client.get(reverse("admin:registrar_federalagency_change", args=[self.non_feb_agency.id]))
self.assertEqual(response.status_code, 200)
response = self.client.get(reverse("admin:registrar_federalagency_change", args=[self.feb_agency.id]))
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.feb_agency.agency)
# test whether fields are readonly or editable
self.assertContains(response, "id_agency")
self.assertContains(response, "id_federal_type")
self.assertContains(response, "id_acronym")
self.assertContains(response, "id_is_fceb")
self.assertNotContains(response, "closelink")
self.assertContains(response, "Save")
self.assertContains(response, "Delete")
@less_console_noise_decorator
def test_omb_analyst_filter_feb_agencies(self):
"""Ensure OMB analysts can apply filters and only federal agencies show."""
self.client.force_login(self.omb_analyst)
# in setup, created two agencies: Fake judicial agency and Fake executive agency
# only executive agency should show up with the search for 'fake'
response = self.client.get(
reverse("admin:registrar_federalagency_changelist"),
data={"q": "fake"},
)
self.assertNotContains(response, self.non_feb_agency.agency)
self.assertContains(response, self.feb_agency.agency)
@less_console_noise_decorator @less_console_noise_decorator
def test_has_model_description(self): def test_has_model_description(self):
"""Tests if this model has a model description on the table view""" """Tests if this model has a model description on the table view"""
@ -3471,11 +3871,12 @@ class TestFederalAgency(TestCase):
self.assertContains(response, "Show more") self.assertContains(response, "Show more")
class TestPublicContact(TestCase): class TestPublicContactAdmin(TestCase):
def setUp(self): def setUp(self):
super().setUp() super().setUp()
self.site = AdminSite() self.site = AdminSite()
self.superuser = create_superuser() self.superuser = create_superuser()
self.omb_analyst = create_omb_analyst_user()
self.admin = PublicContactAdmin(model=PublicContact, admin_site=self.site) self.admin = PublicContactAdmin(model=PublicContact, admin_site=self.site)
self.factory = RequestFactory() self.factory = RequestFactory()
self.client = Client(HTTP_HOST="localhost:8080") self.client = Client(HTTP_HOST="localhost:8080")
@ -3486,16 +3887,19 @@ class TestPublicContact(TestCase):
PublicContact.objects.all().delete() PublicContact.objects.all().delete()
User.objects.all().delete() User.objects.all().delete()
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts cannot view public contact list."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_publiccontact_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator @less_console_noise_decorator
def test_has_model_description(self): def test_has_model_description(self):
"""Tests if this model has a model description on the table view""" """Tests if this model has a model description on the table view"""
p = "adminpass" p = "adminpass"
self.client.login(username="superuser", password=p) self.client.login(username="superuser", password=p)
response = self.client.get( response = self.client.get(reverse("admin:registrar_publiccontact_changelist"))
"/admin/registrar/publiccontact/",
follow=True,
)
# Make sure that the page is loaded correctly # Make sure that the page is loaded correctly
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
@ -3504,11 +3908,12 @@ class TestPublicContact(TestCase):
self.assertContains(response, "Show more") self.assertContains(response, "Show more")
class TestTransitionDomain(TestCase): class TestTransitionDomainAdmin(TestCase):
def setUp(self): def setUp(self):
super().setUp() super().setUp()
self.site = AdminSite() self.site = AdminSite()
self.superuser = create_superuser() self.superuser = create_superuser()
self.omb_analyst = create_omb_analyst_user()
self.admin = TransitionDomainAdmin(model=TransitionDomain, admin_site=self.site) self.admin = TransitionDomainAdmin(model=TransitionDomain, admin_site=self.site)
self.factory = RequestFactory() self.factory = RequestFactory()
self.client = Client(HTTP_HOST="localhost:8080") self.client = Client(HTTP_HOST="localhost:8080")
@ -3519,15 +3924,18 @@ class TestTransitionDomain(TestCase):
PublicContact.objects.all().delete() PublicContact.objects.all().delete()
User.objects.all().delete() User.objects.all().delete()
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts cannot view transition domain list."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_transitiondomain_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator @less_console_noise_decorator
def test_has_model_description(self): def test_has_model_description(self):
"""Tests if this model has a model description on the table view""" """Tests if this model has a model description on the table view"""
self.client.force_login(self.superuser) self.client.force_login(self.superuser)
response = self.client.get( response = self.client.get(reverse("admin:registrar_transitiondomain_changelist"))
"/admin/registrar/transitiondomain/",
follow=True,
)
# Make sure that the page is loaded correctly # Make sure that the page is loaded correctly
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
@ -3536,11 +3944,12 @@ class TestTransitionDomain(TestCase):
self.assertContains(response, "Show more") self.assertContains(response, "Show more")
class TestUserGroup(TestCase): class TestUserGroupAdmin(TestCase):
def setUp(self): def setUp(self):
super().setUp() super().setUp()
self.site = AdminSite() self.site = AdminSite()
self.superuser = create_superuser() self.superuser = create_superuser()
self.omb_analyst = create_omb_analyst_user()
self.admin = UserGroupAdmin(model=UserGroup, admin_site=self.site) self.admin = UserGroupAdmin(model=UserGroup, admin_site=self.site)
self.factory = RequestFactory() self.factory = RequestFactory()
self.client = Client(HTTP_HOST="localhost:8080") self.client = Client(HTTP_HOST="localhost:8080")
@ -3550,15 +3959,18 @@ class TestUserGroup(TestCase):
super().tearDown() super().tearDown()
User.objects.all().delete() User.objects.all().delete()
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts cannot view user group list."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_usergroup_changelist"))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator @less_console_noise_decorator
def test_has_model_description(self): def test_has_model_description(self):
"""Tests if this model has a model description on the table view""" """Tests if this model has a model description on the table view"""
self.client.force_login(self.superuser) self.client.force_login(self.superuser)
response = self.client.get( response = self.client.get(reverse("admin:registrar_usergroup_changelist"))
"/admin/registrar/usergroup/",
follow=True,
)
# Make sure that the page is loaded correctly # Make sure that the page is loaded correctly
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
@ -3575,12 +3987,23 @@ class TestPortfolioAdmin(TestCase):
super().setUpClass() super().setUpClass()
cls.site = AdminSite() cls.site = AdminSite()
cls.superuser = create_superuser() cls.superuser = create_superuser()
cls.staffuser = create_user()
cls.omb_analyst = create_omb_analyst_user()
cls.admin = PortfolioAdmin(model=Portfolio, admin_site=cls.site) cls.admin = PortfolioAdmin(model=Portfolio, admin_site=cls.site)
cls.factory = RequestFactory() cls.factory = RequestFactory()
def setUp(self): def setUp(self):
self.client = Client(HTTP_HOST="localhost:8080") self.client = Client(HTTP_HOST="localhost:8080")
self.portfolio = Portfolio.objects.create(organization_name="Test Portfolio", creator=self.superuser) self.portfolio = Portfolio.objects.create(organization_name="Test portfolio", creator=self.superuser)
self.feb_agency = FederalAgency.objects.create(
agency="Test FedExec Agency", federal_type=BranchChoices.EXECUTIVE
)
self.feb_portfolio = Portfolio.objects.create(
organization_name="Test FEB portfolio",
creator=self.superuser,
federal_agency=self.feb_agency,
organization_type=DomainRequest.OrganizationChoices.FEDERAL,
)
def tearDown(self): def tearDown(self):
Suborganization.objects.all().delete() Suborganization.objects.all().delete()
@ -3588,8 +4011,118 @@ class TestPortfolioAdmin(TestCase):
DomainRequest.objects.all().delete() DomainRequest.objects.all().delete()
Domain.objects.all().delete() Domain.objects.all().delete()
Portfolio.objects.all().delete() Portfolio.objects.all().delete()
self.feb_agency.delete()
User.objects.all().delete() User.objects.all().delete()
@less_console_noise_decorator
def test_analyst_view(self):
"""Ensure regular analysts can view portfolios."""
self.client.force_login(self.staffuser)
response = self.client.get(reverse("admin:registrar_portfolio_changelist"))
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.portfolio.organization_name)
self.assertContains(response, self.feb_portfolio.organization_name)
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts can view FEB portfolios but not others."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_portfolio_changelist"))
self.assertEqual(response.status_code, 200)
self.assertNotContains(response, self.portfolio.organization_name)
self.assertContains(response, self.feb_portfolio.organization_name)
@less_console_noise_decorator
def test_superuser_view(self):
"""Ensure superusers can view portfolios."""
self.client.force_login(self.superuser)
response = self.client.get(reverse("admin:registrar_portfolio_changelist"))
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.portfolio.organization_name)
self.assertContains(response, self.feb_portfolio.organization_name)
@less_console_noise_decorator
def test_analyst_change(self):
"""Ensure regular analysts can view/edit portfolios."""
self.client.force_login(self.staffuser)
response = self.client.get(reverse("admin:registrar_portfolio_change", args=[self.portfolio.id]))
self.assertEqual(response.status_code, 200)
response = self.client.get(reverse("admin:registrar_portfolio_change", args=[self.feb_portfolio.id]))
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.feb_portfolio.organization_name)
# test whether fields are readonly or editable
self.assertContains(response, "id_organization_name")
self.assertContains(response, "id_notes")
self.assertContains(response, "id_organization_type")
self.assertContains(response, "id_state_territory")
self.assertContains(response, "id_address_line1")
self.assertContains(response, "id_address_line2")
self.assertContains(response, "id_city")
self.assertContains(response, "id_zipcode")
self.assertContains(response, "id_urbanization")
self.assertNotContains(response, "closelink")
self.assertContains(response, "Save")
self.assertContains(response, "Delete")
@less_console_noise_decorator
def test_omb_analyst_change(self):
"""Ensure OMB analysts can change FEB portfolios but not others."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_portfolio_change", args=[self.portfolio.id]))
self.assertEqual(response.status_code, 302)
response = self.client.get(reverse("admin:registrar_portfolio_change", args=[self.feb_portfolio.id]))
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.feb_portfolio.organization_name)
# test whether fields are readonly or editable
self.assertNotContains(response, "id_organization_name")
self.assertNotContains(response, "id_notes")
self.assertNotContains(response, "id_organization_type")
self.assertNotContains(response, "id_state_territory")
self.assertNotContains(response, "id_address_line1")
self.assertNotContains(response, "id_address_line2")
self.assertNotContains(response, "id_city")
self.assertNotContains(response, "id_zipcode")
self.assertNotContains(response, "id_urbanization")
self.assertContains(response, "closelink")
self.assertNotContains(response, "Save")
self.assertNotContains(response, "Delete")
@less_console_noise_decorator
def test_superuser_change(self):
"""Ensure superusers can change all portfolios."""
self.client.force_login(self.superuser)
response = self.client.get(reverse("admin:registrar_portfolio_change", args=[self.portfolio.id]))
self.assertEqual(response.status_code, 200)
response = self.client.get(reverse("admin:registrar_portfolio_change", args=[self.feb_portfolio.id]))
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.feb_portfolio.organization_name)
# test whether fields are readonly or editable
self.assertContains(response, "id_organization_name")
self.assertContains(response, "id_notes")
self.assertContains(response, "id_organization_type")
self.assertContains(response, "id_state_territory")
self.assertContains(response, "id_address_line1")
self.assertContains(response, "id_address_line2")
self.assertContains(response, "id_city")
self.assertContains(response, "id_zipcode")
self.assertContains(response, "id_urbanization")
self.assertNotContains(response, "closelink")
self.assertContains(response, "Save")
self.assertContains(response, "Delete")
@less_console_noise_decorator
def test_omb_analyst_filter_feb_portfolios(self):
"""Ensure OMB analysts can apply filters and only feb portfolios show."""
self.client.force_login(self.omb_analyst)
# in setup, created two portfolios: Test portfolio and Test FEB portfolio
# only executive portfolio should show up with the search for 'portfolio'
response = self.client.get(
reverse("admin:registrar_portfolio_changelist"),
data={"q": "test"},
)
self.assertNotContains(response, self.portfolio.organization_name)
self.assertContains(response, self.feb_portfolio.organization_name)
@less_console_noise_decorator @less_console_noise_decorator
def test_created_on_display(self): def test_created_on_display(self):
"""Tests the custom created on which is a reskin of the created_at field""" """Tests the custom created on which is a reskin of the created_at field"""
@ -3777,6 +4310,7 @@ class TestTransferUser(WebTest):
super().setUpClass() super().setUpClass()
cls.site = AdminSite() cls.site = AdminSite()
cls.superuser = create_superuser() cls.superuser = create_superuser()
cls.omb_analyst = create_omb_analyst_user()
cls.admin = PortfolioAdmin(model=Portfolio, admin_site=cls.site) cls.admin = PortfolioAdmin(model=Portfolio, admin_site=cls.site)
cls.factory = RequestFactory() cls.factory = RequestFactory()
@ -3797,6 +4331,13 @@ class TestTransferUser(WebTest):
Portfolio.objects.all().delete() Portfolio.objects.all().delete()
UserDomainRole.objects.all().delete() UserDomainRole.objects.all().delete()
@less_console_noise_decorator
def test_omb_analyst(self):
"""Ensure OMB analysts cannot view transfer_user."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("transfer_user", args=[self.user1.pk]))
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator @less_console_noise_decorator
def test_transfer_user_shows_current_and_selected_user_information(self): def test_transfer_user_shows_current_and_selected_user_information(self):
"""Assert we pull the current user info and display it on the transfer page""" """Assert we pull the current user info and display it on the transfer page"""

145
src/registrar/tests/test_admin_domain.py
View file

@ -17,14 +17,17 @@ from registrar.models import (
Host, Host,
Portfolio, Portfolio,
) )
from registrar.models.federal_agency import FederalAgency
from registrar.models.public_contact import PublicContact from registrar.models.public_contact import PublicContact
from registrar.models.user_domain_role import UserDomainRole from registrar.models.user_domain_role import UserDomainRole
from registrar.utility.constants import BranchChoices
from .common import ( from .common import (
MockSESClient, MockSESClient,
completed_domain_request, completed_domain_request,
less_console_noise, less_console_noise,
create_superuser, create_superuser,
create_user, create_user,
create_omb_analyst_user,
create_ready_domain, create_ready_domain,
MockEppLib, MockEppLib,
GenericTestHelper, GenericTestHelper,
@ -48,7 +51,9 @@ class TestDomainAdminAsStaff(MockEppLib):
@classmethod @classmethod
def setUpClass(self): def setUpClass(self):
super().setUpClass() super().setUpClass()
self.superuser = create_superuser()
self.staffuser = create_user() self.staffuser = create_user()
self.omb_analyst = create_omb_analyst_user()
self.site = AdminSite() self.site = AdminSite()
self.admin = DomainAdmin(model=Domain, admin_site=self.site) self.admin = DomainAdmin(model=Domain, admin_site=self.site)
self.factory = RequestFactory() self.factory = RequestFactory()
@ -56,6 +61,24 @@ class TestDomainAdminAsStaff(MockEppLib):
def setUp(self): def setUp(self):
self.client = Client(HTTP_HOST="localhost:8080") self.client = Client(HTTP_HOST="localhost:8080")
self.client.force_login(self.staffuser) self.client.force_login(self.staffuser)
self.nonfebdomain = Domain.objects.create(name="nonfebexample.com")
self.febdomain = Domain.objects.create(name="febexample.com", state=Domain.State.READY)
self.fed_agency = FederalAgency.objects.create(
agency="New FedExec Agency", federal_type=BranchChoices.EXECUTIVE
)
self.portfolio = Portfolio.objects.create(
organization_name="new portfolio",
organization_type=DomainRequest.OrganizationChoices.FEDERAL,
federal_agency=self.fed_agency,
creator=self.staffuser,
)
self.domain_info = DomainInformation.objects.create(
domain=self.febdomain, portfolio=self.portfolio, creator=self.staffuser
)
self.nonfebportfolio = Portfolio.objects.create(
organization_name="non feb portfolio",
creator=self.staffuser,
)
super().setUp() super().setUp()
def tearDown(self): def tearDown(self):
@ -65,12 +88,134 @@ class TestDomainAdminAsStaff(MockEppLib):
Domain.objects.all().delete() Domain.objects.all().delete()
DomainInformation.objects.all().delete() DomainInformation.objects.all().delete()
DomainRequest.objects.all().delete() DomainRequest.objects.all().delete()
Portfolio.objects.all().delete()
self.fed_agency.delete()
@classmethod @classmethod
def tearDownClass(self): def tearDownClass(self):
User.objects.all().delete() User.objects.all().delete()
super().tearDownClass() super().tearDownClass()
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts can view domain list."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_domain_changelist"))
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.febdomain.name)
self.assertNotContains(response, self.nonfebdomain.name)
self.assertNotContains(response, ">Import<")
self.assertNotContains(response, ">Export<")
@less_console_noise_decorator
def test_omb_analyst_change(self):
"""Ensure OMB analysts can view/edit federal executive branch domains."""
self.client.force_login(self.omb_analyst)
response = self.client.get(reverse("admin:registrar_domain_change", args=[self.nonfebdomain.id]))
self.assertEqual(response.status_code, 302)
response = self.client.get(reverse("admin:registrar_domain_change", args=[self.febdomain.id]))
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.febdomain.name)
# test portfolio dropdown
self.assertContains(response, self.portfolio.organization_name)
self.assertNotContains(response, self.nonfebportfolio.organization_name)
# test buttons
self.assertNotContains(response, "Manage domain")
self.assertNotContains(response, "Get registry status")
self.assertNotContains(response, "Extend expiration date")
self.assertNotContains(response, "Remove from registry")
self.assertContains(response, "Place hold")
self.assertContains(response, "Save")
self.assertNotContains(response, ">Delete<")
# test whether fields are readonly or editable
self.assertNotContains(response, "id_domain_info-0-portfolio")
self.assertNotContains(response, "id_domain_info-0-sub_organization")
self.assertNotContains(response, "id_domain_info-0-creator")
self.assertNotContains(response, "id_domain_info-0-federal_agency")
self.assertNotContains(response, "id_domain_info-0-about_your_organization")
self.assertNotContains(response, "id_domain_info-0-anything_else")
self.assertNotContains(response, "id_domain_info-0-cisa_representative_first_name")
self.assertNotContains(response, "id_domain_info-0-cisa_representative_last_name")
self.assertNotContains(response, "id_domain_info-0-cisa_representative_email")
self.assertNotContains(response, "id_domain_info-0-domain_request")
self.assertNotContains(response, "id_domain_info-0-notes")
self.assertNotContains(response, "id_domain_info-0-senior_official")
self.assertNotContains(response, "id_domain_info-0-organization_type")
self.assertNotContains(response, "id_domain_info-0-state_territory")
self.assertNotContains(response, "id_domain_info-0-address_line1")
self.assertNotContains(response, "id_domain_info-0-address_line2")
self.assertNotContains(response, "id_domain_info-0-city")
self.assertNotContains(response, "id_domain_info-0-zipcode")
self.assertNotContains(response, "id_domain_info-0-urbanization")
self.assertNotContains(response, "id_domain_info-0-portfolio_organization_type")
self.assertNotContains(response, "id_domain_info-0-portfolio_federal_type")
self.assertNotContains(response, "id_domain_info-0-portfolio_organization_name")
self.assertNotContains(response, "id_domain_info-0-portfolio_federal_agency")
self.assertNotContains(response, "id_domain_info-0-portfolio_state_territory")
self.assertNotContains(response, "id_domain_info-0-portfolio_address_line1")
self.assertNotContains(response, "id_domain_info-0-portfolio_address_line2")
self.assertNotContains(response, "id_domain_info-0-portfolio_city")
self.assertNotContains(response, "id_domain_info-0-portfolio_zipcode")
self.assertNotContains(response, "id_domain_info-0-portfolio_urbanization")
self.assertNotContains(response, "id_domain_info-0-organization_type")
self.assertNotContains(response, "id_domain_info-0-federal_type")
self.assertNotContains(response, "id_domain_info-0-federal_agency")
self.assertNotContains(response, "id_domain_info-0-tribe_name")
self.assertNotContains(response, "id_domain_info-0-federally_recognized_tribe")
self.assertNotContains(response, "id_domain_info-0-state_recognized_tribe")
self.assertNotContains(response, "id_domain_info-0-about_your_organization")
self.assertNotContains(response, "id_domain_info-0-portfolio")
self.assertNotContains(response, "id_domain_info-0-sub_organization")
@less_console_noise_decorator
def test_superuser_change(self):
"""Ensure super user can view/edit all domains."""
self.client.force_login(self.superuser)
response = self.client.get(reverse("admin:registrar_domain_change", args=[self.nonfebdomain.id]))
self.assertEqual(response.status_code, 200)
response = self.client.get(reverse("admin:registrar_domain_change", args=[self.febdomain.id]))
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.febdomain.name)
# test portfolio dropdown
self.assertContains(response, self.portfolio.organization_name)
# test buttons
self.assertContains(response, "Manage domain")
self.assertContains(response, "Get registry status")
self.assertContains(response, "Extend expiration date")
self.assertContains(response, "Remove from registry")
self.assertContains(response, "Place hold")
self.assertContains(response, "Save")
self.assertContains(response, ">Delete<")
# test whether fields are readonly or editable
self.assertContains(response, "id_domain_info-0-portfolio")
self.assertContains(response, "id_domain_info-0-sub_organization")
self.assertContains(response, "id_domain_info-0-creator")
self.assertContains(response, "id_domain_info-0-federal_agency")
self.assertContains(response, "id_domain_info-0-about_your_organization")
self.assertContains(response, "id_domain_info-0-anything_else")
self.assertContains(response, "id_domain_info-0-cisa_representative_first_name")
self.assertContains(response, "id_domain_info-0-cisa_representative_last_name")
self.assertContains(response, "id_domain_info-0-cisa_representative_email")
self.assertContains(response, "id_domain_info-0-domain_request")
self.assertContains(response, "id_domain_info-0-notes")
self.assertContains(response, "id_domain_info-0-senior_official")
self.assertContains(response, "id_domain_info-0-organization_type")
self.assertContains(response, "id_domain_info-0-state_territory")
self.assertContains(response, "id_domain_info-0-address_line1")
self.assertContains(response, "id_domain_info-0-address_line2")
self.assertContains(response, "id_domain_info-0-city")
self.assertContains(response, "id_domain_info-0-zipcode")
self.assertContains(response, "id_domain_info-0-urbanization")
self.assertContains(response, "id_domain_info-0-organization_type")
self.assertContains(response, "id_domain_info-0-federal_type")
self.assertContains(response, "id_domain_info-0-federal_agency")
self.assertContains(response, "id_domain_info-0-tribe_name")
self.assertContains(response, "id_domain_info-0-federally_recognized_tribe")
self.assertContains(response, "id_domain_info-0-state_recognized_tribe")
self.assertContains(response, "id_domain_info-0-about_your_organization")
self.assertContains(response, "id_domain_info-0-portfolio")
self.assertContains(response, "id_domain_info-0-sub_organization")
@less_console_noise_decorator @less_console_noise_decorator
def test_staff_can_see_cisa_region_federal(self): def test_staff_can_see_cisa_region_federal(self):
"""Tests if staff can see CISA Region: N/A""" """Tests if staff can see CISA Region: N/A"""

160
src/registrar/tests/test_admin_request.py
View file

@ -1,6 +1,8 @@
from datetime import datetime from datetime import datetime
from django.forms import ValidationError from django.forms import ValidationError
from django.utils import timezone from django.utils import timezone
from registrar.models.federal_agency import FederalAgency
from registrar.utility.constants import BranchChoices
from waffle.testutils import override_flag from waffle.testutils import override_flag
import re import re
from django.test import RequestFactory, Client, TestCase, override_settings from django.test import RequestFactory, Client, TestCase, override_settings
@ -37,6 +39,7 @@ from .common import (
less_console_noise, less_console_noise,
create_superuser, create_superuser,
create_user, create_user,
create_omb_analyst_user,
multiple_unalphabetical_domain_objects, multiple_unalphabetical_domain_objects,
MockEppLib, MockEppLib,
GenericTestHelper, GenericTestHelper,
@ -69,6 +72,7 @@ class TestDomainRequestAdmin(MockEppLib):
self.admin = DomainRequestAdmin(model=DomainRequest, admin_site=self.site) self.admin = DomainRequestAdmin(model=DomainRequest, admin_site=self.site)
self.superuser = create_superuser() self.superuser = create_superuser()
self.staffuser = create_user() self.staffuser = create_user()
self.ombanalyst = create_omb_analyst_user()
self.client = Client(HTTP_HOST="localhost:8080") self.client = Client(HTTP_HOST="localhost:8080")
self.test_helper = GenericTestHelper( self.test_helper = GenericTestHelper(
factory=self.factory, factory=self.factory,
@ -81,6 +85,12 @@ class TestDomainRequestAdmin(MockEppLib):
allowed_emails = [AllowedEmail(email="mayor@igorville.gov"), AllowedEmail(email="help@get.gov")] allowed_emails = [AllowedEmail(email="mayor@igorville.gov"), AllowedEmail(email="help@get.gov")]
AllowedEmail.objects.bulk_create(allowed_emails) AllowedEmail.objects.bulk_create(allowed_emails)
def setUp(self):
super().setUp()
self.fed_agency = FederalAgency.objects.create(
agency="New FedExec Agency", federal_type=BranchChoices.EXECUTIVE
)
def tearDown(self): def tearDown(self):
super().tearDown() super().tearDown()
Host.objects.all().delete() Host.objects.all().delete()
@ -93,6 +103,7 @@ class TestDomainRequestAdmin(MockEppLib):
SeniorOfficial.objects.all().delete() SeniorOfficial.objects.all().delete()
Suborganization.objects.all().delete() Suborganization.objects.all().delete()
Portfolio.objects.all().delete() Portfolio.objects.all().delete()
self.fed_agency.delete()
self.mock_client.EMAILS_SENT.clear() self.mock_client.EMAILS_SENT.clear()
@classmethod @classmethod
@ -101,6 +112,71 @@ class TestDomainRequestAdmin(MockEppLib):
User.objects.all().delete() User.objects.all().delete()
AllowedEmail.objects.all().delete() AllowedEmail.objects.all().delete()
@override_flag("organization_feature", active=True)
@less_console_noise_decorator
def test_omb_analyst_view(self):
"""Ensure OMB analysts can view domain request list."""
febportfolio = Portfolio.objects.create(
organization_name="new portfolio",
organization_type=DomainRequest.OrganizationChoices.FEDERAL,
federal_agency=self.fed_agency,
creator=self.ombanalyst,
)
nonfebportfolio = Portfolio.objects.create(
organization_name="non feb portfolio",
creator=self.ombanalyst,
)
nonfebdomainrequest = completed_domain_request(
name="test1234nonfeb.gov",
portfolio=nonfebportfolio,
status=DomainRequest.DomainRequestStatus.SUBMITTED,
)
febdomainrequest = completed_domain_request(
name="test1234feb.gov",
portfolio=febportfolio,
status=DomainRequest.DomainRequestStatus.SUBMITTED,
)
self.client.force_login(self.ombanalyst)
response = self.client.get(reverse("admin:registrar_domainrequest_changelist"))
self.assertEqual(response.status_code, 200)
self.assertContains(response, febdomainrequest.requested_domain.name)
self.assertNotContains(response, nonfebdomainrequest.requested_domain.name)
self.assertNotContains(response, ">Import<")
self.assertNotContains(response, ">Export<")
@less_console_noise_decorator
def test_omb_analyst_change(self):
"""Ensure OMB analysts can view/edit federal executive branch domain requests."""
self.client.force_login(self.ombanalyst)
febportfolio = Portfolio.objects.create(
organization_name="new portfolio",
organization_type=DomainRequest.OrganizationChoices.FEDERAL,
federal_agency=self.fed_agency,
creator=self.ombanalyst,
)
nonfebportfolio = Portfolio.objects.create(
organization_name="non feb portfolio",
creator=self.ombanalyst,
)
nonfebdomainrequest = completed_domain_request(
name="test1234nonfeb.gov",
portfolio=nonfebportfolio,
status=DomainRequest.DomainRequestStatus.SUBMITTED,
)
febdomainrequest = completed_domain_request(
name="test1234feb.gov",
portfolio=febportfolio,
status=DomainRequest.DomainRequestStatus.SUBMITTED,
)
response = self.client.get(reverse("admin:registrar_domainrequest_change", args=[nonfebdomainrequest.id]))
self.assertEqual(response.status_code, 302)
response = self.client.get(reverse("admin:registrar_domainrequest_change", args=[febdomainrequest.id]))
self.assertEqual(response.status_code, 200)
self.assertContains(response, febdomainrequest.requested_domain.name)
# test buttons
self.assertContains(response, "Save")
self.assertNotContains(response, ">Delete<")
@override_flag("organization_feature", active=True) @override_flag("organization_feature", active=True)
@less_console_noise_decorator @less_console_noise_decorator
def test_clean_validates_duplicate_suborganization(self): def test_clean_validates_duplicate_suborganization(self):
@ -1985,6 +2061,10 @@ class TestDomainRequestAdmin(MockEppLib):
"feb_naming_requirements", "feb_naming_requirements",
"feb_naming_requirements_details", "feb_naming_requirements_details",
"feb_purpose_choice", "feb_purpose_choice",
"working_with_eop",
"eop_stakeholder_first_name",
"eop_stakeholder_last_name",
"eop_stakeholder_email",
"purpose", "purpose",
"has_timeframe", "has_timeframe",
"time_frame_details", "time_frame_details",
@ -2073,6 +2153,86 @@ class TestDomainRequestAdmin(MockEppLib):
self.assertEqual(readonly_fields, expected_fields) self.assertEqual(readonly_fields, expected_fields)
def test_readonly_fields_for_omb_analyst(self):
with less_console_noise():
request = self.factory.get("/") # Use the correct method and path
request.user = self.ombanalyst
readonly_fields = self.admin.get_readonly_fields(request)
expected_fields = [
"portfolio_senior_official",
"portfolio_organization_type",
"portfolio_federal_type",
"portfolio_organization_name",
"portfolio_federal_agency",
"portfolio_state_territory",
"portfolio_address_line1",
"portfolio_address_line2",
"portfolio_city",
"portfolio_zipcode",
"portfolio_urbanization",
"other_contacts",
"current_websites",
"alternative_domains",
"is_election_board",
"status_history",
"federal_agency",
"creator",
"about_your_organization",
"requested_domain",
"approved_domain",
"alternative_domains",
"purpose",
"no_other_contacts_rationale",
"anything_else",
"is_policy_acknowledged",
"cisa_representative_first_name",
"cisa_representative_last_name",
"cisa_representative_email",
"status",
"investigator",
"notes",
"senior_official",
"organization_type",
"organization_name",
"state_territory",
"address_line1",
"address_line2",
"city",
"zipcode",
"urbanization",
"portfolio_organization_type",
"portfolio_federal_type",
"portfolio_organization_name",
"portfolio_federal_agency",
"portfolio_state_territory",
"portfolio_address_line1",
"portfolio_address_line2",
"portfolio_city",
"portfolio_zipcode",
"portfolio_urbanization",
"is_election_board",
"organization_type",
"federal_type",
"federal_agency",
"tribe_name",
"federally_recognized_tribe",
"state_recognized_tribe",
"about_your_organization",
"rejection_reason",
"rejection_reason_email",
"action_needed_reason",
"action_needed_reason_email",
"portfolio",
"sub_organization",
"requested_suborganization",
"suborganization_city",
"suborganization_state_territory",
]
self.assertEqual(readonly_fields, expected_fields)
def test_saving_when_restricted_creator(self): def test_saving_when_restricted_creator(self):
with less_console_noise(): with less_console_noise():
# Create an instance of the model # Create an instance of the model

231
src/registrar/tests/test_email_invitations.py
View file

@ -1,5 +1,5 @@
import unittest import unittest
from unittest.mock import patch, MagicMock from unittest.mock import patch, MagicMock, ANY
from datetime import date from datetime import date
from registrar.models.domain import Domain from registrar.models.domain import Domain
from registrar.models.portfolio import Portfolio from registrar.models.portfolio import Portfolio
@ -13,13 +13,15 @@ from registrar.utility.email_invitations import (
_send_portfolio_admin_addition_emails_to_portfolio_admins, _send_portfolio_admin_addition_emails_to_portfolio_admins,
_send_portfolio_admin_removal_emails_to_portfolio_admins, _send_portfolio_admin_removal_emails_to_portfolio_admins,
send_domain_invitation_email, send_domain_invitation_email,
send_emails_to_domain_managers, _send_domain_invitation_update_emails_to_domain_managers,
send_domain_manager_removal_emails_to_domain_managers,
send_portfolio_admin_addition_emails, send_portfolio_admin_addition_emails,
send_portfolio_admin_removal_emails, send_portfolio_admin_removal_emails,
send_portfolio_invitation_email, send_portfolio_invitation_email,
send_portfolio_invitation_remove_email, send_portfolio_invitation_remove_email,
send_portfolio_member_permission_remove_email, send_portfolio_member_permission_remove_email,
send_portfolio_member_permission_update_email, send_portfolio_member_permission_update_email,
send_portfolio_update_emails_to_portfolio_admins,
) )
from api.tests.common import less_console_noise_decorator from api.tests.common import less_console_noise_decorator
@ -33,7 +35,7 @@ class DomainInvitationEmail(unittest.TestCase):
@patch("registrar.utility.email_invitations.UserDomainRole.objects.filter") @patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
@patch("registrar.utility.email_invitations._validate_invitation") @patch("registrar.utility.email_invitations._validate_invitation")
@patch("registrar.utility.email_invitations._get_requestor_email") @patch("registrar.utility.email_invitations._get_requestor_email")
@patch("registrar.utility.email_invitations.send_invitation_email") @patch("registrar.utility.email_invitations._send_domain_invitation_email")
@patch("registrar.utility.email_invitations._normalize_domains") @patch("registrar.utility.email_invitations._normalize_domains")
def test_send_domain_invitation_email( def test_send_domain_invitation_email(
self, self,
@ -98,7 +100,7 @@ class DomainInvitationEmail(unittest.TestCase):
@patch("registrar.utility.email_invitations.UserDomainRole.objects.filter") @patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
@patch("registrar.utility.email_invitations._validate_invitation") @patch("registrar.utility.email_invitations._validate_invitation")
@patch("registrar.utility.email_invitations._get_requestor_email") @patch("registrar.utility.email_invitations._get_requestor_email")
@patch("registrar.utility.email_invitations.send_invitation_email") @patch("registrar.utility.email_invitations._send_domain_invitation_email")
@patch("registrar.utility.email_invitations._normalize_domains") @patch("registrar.utility.email_invitations._normalize_domains")
def test_send_domain_invitation_email_multiple_domains( def test_send_domain_invitation_email_multiple_domains(
self, self,
@ -234,7 +236,7 @@ class DomainInvitationEmail(unittest.TestCase):
@less_console_noise_decorator @less_console_noise_decorator
@patch("registrar.utility.email_invitations._validate_invitation") @patch("registrar.utility.email_invitations._validate_invitation")
@patch("registrar.utility.email_invitations._get_requestor_email") @patch("registrar.utility.email_invitations._get_requestor_email")
@patch("registrar.utility.email_invitations.send_invitation_email") @patch("registrar.utility.email_invitations._send_domain_invitation_email")
@patch("registrar.utility.email_invitations._normalize_domains") @patch("registrar.utility.email_invitations._normalize_domains")
def test_send_domain_invitation_email_raises_sending_email_exception( def test_send_domain_invitation_email_raises_sending_email_exception(
self, self,
@ -281,10 +283,10 @@ class DomainInvitationEmail(unittest.TestCase):
self.assertEqual(str(context.exception), "Error sending email") self.assertEqual(str(context.exception), "Error sending email")
@less_console_noise_decorator @less_console_noise_decorator
@patch("registrar.utility.email_invitations.send_emails_to_domain_managers") @patch("registrar.utility.email_invitations._send_domain_invitation_update_emails_to_domain_managers")
@patch("registrar.utility.email_invitations._validate_invitation") @patch("registrar.utility.email_invitations._validate_invitation")
@patch("registrar.utility.email_invitations._get_requestor_email") @patch("registrar.utility.email_invitations._get_requestor_email")
@patch("registrar.utility.email_invitations.send_invitation_email") @patch("registrar.utility.email_invitations._send_domain_invitation_email")
@patch("registrar.utility.email_invitations._normalize_domains") @patch("registrar.utility.email_invitations._normalize_domains")
def test_send_domain_invitation_email_manager_emails_send_mail_exception( def test_send_domain_invitation_email_manager_emails_send_mail_exception(
self, self,
@ -295,7 +297,7 @@ class DomainInvitationEmail(unittest.TestCase):
mock_send_domain_manager_emails, mock_send_domain_manager_emails,
): ):
"""Test sending domain invitation email for one domain and assert exception """Test sending domain invitation email for one domain and assert exception
when send_emails_to_domain_managers fails. when _send_domain_invitation_update_emails_to_domain_managers fails.
""" """
# Setup # Setup
mock_domain = MagicMock(name="domain1") mock_domain = MagicMock(name="domain1")
@ -354,7 +356,7 @@ class DomainInvitationEmail(unittest.TestCase):
mock_send_templated_email.return_value = None # No exception means success mock_send_templated_email.return_value = None # No exception means success
# Call function # Call function
result = send_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain) result = _send_domain_invitation_update_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain)
# Assertions # Assertions
self.assertTrue(result) # All emails should be successfully sent self.assertTrue(result) # All emails should be successfully sent
@ -394,7 +396,7 @@ class DomainInvitationEmail(unittest.TestCase):
mock_send_templated_email.side_effect = EmailSendingError("Email sending failed") mock_send_templated_email.side_effect = EmailSendingError("Email sending failed")
# Call function # Call function
result = send_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain) result = _send_domain_invitation_update_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain)
# Assertions # Assertions
self.assertFalse(result) # The result should be False as email sending failed self.assertFalse(result) # The result should be False as email sending failed
@ -426,7 +428,7 @@ class DomainInvitationEmail(unittest.TestCase):
mock_filter.return_value = [] mock_filter.return_value = []
# Call function # Call function
result = send_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain) result = _send_domain_invitation_update_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain)
# Assertions # Assertions
self.assertTrue(result) # No emails to send, so it should return True self.assertTrue(result) # No emails to send, so it should return True
@ -457,7 +459,7 @@ class DomainInvitationEmail(unittest.TestCase):
mock_send_templated_email.side_effect = [None, EmailSendingError("Failed to send email")] mock_send_templated_email.side_effect = [None, EmailSendingError("Failed to send email")]
# Call function # Call function
result = send_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain) result = _send_domain_invitation_update_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain)
# Assertions # Assertions
self.assertFalse(result) # One email failed, so result should be False self.assertFalse(result) # One email failed, so result should be False
@ -1112,3 +1114,208 @@ class TestSendPortfolioInvitationRemoveEmail(unittest.TestCase):
# Assertions # Assertions
mock_logger.warning.assert_not_called() # Function should fail before logging email failure mock_logger.warning.assert_not_called() # Function should fail before logging email failure
class SendDomainManagerRemovalEmailsToManagersTests(unittest.TestCase):
"""Unit tests for send_domain_manager_removal_emails_to_domain_managers function."""
def setUp(self):
"""Set up test data."""
self.email = "removed.admin@example.com"
self.requestor_email = "requestor@example.com"
self.domain = MagicMock(spec=Domain)
self.domain.name = "Test Domain"
# Mock domain manager users
self.manager_user1 = MagicMock(spec=User)
self.manager_user1.email = "manager1@example.com"
self.manager_user2 = MagicMock(spec=User)
self.manager_user2.email = "manager2@example.com"
self.domain_manager1 = MagicMock(spec=UserDomainRole)
self.domain_manager1.user = self.manager_user1
self.domain_manager2 = MagicMock(spec=UserDomainRole)
self.domain_manager2.user = self.manager_user2
@less_console_noise_decorator
@patch("registrar.utility.email_invitations.send_templated_email")
@patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
def test_send_email_success(self, mock_filter, mock_send_templated_email):
"""Test successful sending of domain manager removal emails."""
mock_filter.return_value.exclude.return_value = [self.domain_manager1]
mock_send_templated_email.return_value = None # No exception means success
result = send_domain_manager_removal_emails_to_domain_managers(
removed_by_user=self.manager_user1,
manager_removed=self.manager_user2,
manager_removed_email=self.manager_user2.email,
domain=self.domain,
)
mock_filter.assert_called_once_with(domain=self.domain)
mock_send_templated_email.assert_any_call(
"emails/domain_manager_deleted_notification.txt",
"emails/domain_manager_deleted_notification_subject.txt",
to_address=self.manager_user1.email,
context={
"domain": self.domain,
"removed_by": self.manager_user1,
"manager_removed_email": self.manager_user2.email,
"date": date.today(),
},
)
self.assertTrue(result)
@less_console_noise_decorator
@patch("registrar.utility.email_invitations.send_templated_email")
@patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
def test_send_email_success_when_no_user(self, mock_filter, mock_send_templated_email):
"""Test successful sending of domain manager removal emails."""
mock_filter.return_value = [self.domain_manager1, self.domain_manager2]
mock_send_templated_email.return_value = None # No exception means success
result = send_domain_manager_removal_emails_to_domain_managers(
removed_by_user=self.manager_user1,
manager_removed=None,
manager_removed_email=self.manager_user2.email,
domain=self.domain,
)
mock_filter.assert_called_once_with(domain=self.domain)
mock_send_templated_email.assert_any_call(
"emails/domain_manager_deleted_notification.txt",
"emails/domain_manager_deleted_notification_subject.txt",
to_address=self.manager_user1.email,
context={
"domain": self.domain,
"removed_by": self.manager_user1,
"manager_removed_email": self.manager_user2.email,
"date": date.today(),
},
)
mock_send_templated_email.assert_any_call(
"emails/domain_manager_deleted_notification.txt",
"emails/domain_manager_deleted_notification_subject.txt",
to_address=self.manager_user2.email,
context={
"domain": self.domain,
"removed_by": self.manager_user1,
"manager_removed_email": self.manager_user2.email,
"date": date.today(),
},
)
self.assertTrue(result)
@less_console_noise_decorator
@patch("registrar.utility.email_invitations.send_templated_email", side_effect=EmailSendingError)
@patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
def test_send_email_failure(self, mock_filter, mock_send_templated_email):
"""Test handling of failure in sending admin removal emails."""
mock_filter.return_value.exclude.return_value = [self.domain_manager1, self.domain_manager2]
result = send_domain_manager_removal_emails_to_domain_managers(
removed_by_user=self.manager_user1,
manager_removed=self.manager_user2,
manager_removed_email=self.manager_user2.email,
domain=self.domain,
)
self.assertFalse(result)
mock_filter.assert_called_once_with(domain=self.domain)
mock_send_templated_email.assert_any_call(
"emails/domain_manager_deleted_notification.txt",
"emails/domain_manager_deleted_notification_subject.txt",
to_address=self.manager_user1.email,
context={
"domain": self.domain,
"removed_by": self.manager_user1,
"manager_removed_email": self.manager_user2.email,
"date": date.today(),
},
)
mock_send_templated_email.assert_any_call(
"emails/domain_manager_deleted_notification.txt",
"emails/domain_manager_deleted_notification_subject.txt",
to_address=self.manager_user2.email,
context={
"domain": self.domain,
"removed_by": self.manager_user1,
"manager_removed_email": self.manager_user2.email,
"date": date.today(),
},
)
@less_console_noise_decorator
@patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
def test_no_managers_to_notify(self, mock_filter):
"""Test case where there are no domain managers to notify."""
mock_filter.return_value.exclude.return_value = [] # No managers
result = send_domain_manager_removal_emails_to_domain_managers(
removed_by_user=self.manager_user1,
manager_removed=self.manager_user2,
manager_removed_email=self.manager_user2.email,
domain=self.domain,
)
self.assertTrue(result) # No emails sent, but also no failures
mock_filter.assert_called_once_with(domain=self.domain)
class TestSendPortfolioOrganizationUpdateEmail(unittest.TestCase):
"""Unit tests for send_portfolio_update_emails_to_portfolio_admins function."""
def setUp(self):
"""Set up test data."""
self.email = "removed.admin@example.com"
self.requestor_email = "requestor@example.com"
self.portfolio = MagicMock(spec=Portfolio, name="Portfolio")
self.portfolio.organization_name = "Test Organization"
# Mock portfolio admin users
self.admin_user1 = MagicMock(spec=User)
self.admin_user1.email = "admin1@example.com"
self.admin_user2 = MagicMock(spec=User)
self.admin_user2.email = "admin2@example.com"
self.portfolio_admin1 = MagicMock(spec=UserPortfolioPermission)
self.portfolio_admin1.user = self.admin_user1
self.portfolio_admin1.roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
self.portfolio_admin2 = MagicMock(spec=UserPortfolioPermission)
self.portfolio_admin2.user = self.admin_user2
self.portfolio_admin2.roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
@patch("registrar.utility.email_invitations.send_templated_email")
@patch("registrar.utility.email_invitations.UserPortfolioPermission.objects.filter")
def test_send_portfolio_update_emails_to_portfolio_admins(self, mock_filter, mock_send_templated_email):
"""Test send_portfolio_update_emails_to_portfolio_admins sends templated email."""
# Mock data
editor = self.admin_user1
updated_page = "Organization"
mock_filter.return_value = [self.portfolio_admin1, self.portfolio_admin2]
mock_send_templated_email.return_value = None # No exception means success
# Call function
result = send_portfolio_update_emails_to_portfolio_admins(editor, self.portfolio, updated_page)
mock_filter.assert_called_once_with(
portfolio=self.portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
)
mock_send_templated_email.assert_any_call(
"emails/portfolio_org_update_notification.txt",
"emails/portfolio_org_update_notification_subject.txt",
to_address=self.admin_user1.email,
context=ANY,
)
mock_send_templated_email.assert_any_call(
"emails/portfolio_org_update_notification.txt",
"emails/portfolio_org_update_notification_subject.txt",
to_address=self.admin_user2.email,
context=ANY,
)
self.assertTrue(result)

48
src/registrar/tests/test_middleware_logging.py Normal file
View file

@ -0,0 +1,48 @@
from django.test import TestCase, RequestFactory, override_settings
from unittest.mock import patch, MagicMock
from django.contrib.auth.models import AnonymousUser, User
from registrar.registrar_middleware import RequestLoggingMiddleware
class RequestLoggingMiddlewareTest(TestCase):
"""Test 'our' middleware logging."""
def setUp(self):
self.factory = RequestFactory()
self.get_response_mock = MagicMock()
self.middleware = RequestLoggingMiddleware(self.get_response_mock)
@override_settings(IS_PRODUCTION=True) # Scopes change to this test only
@patch("logging.Logger.info")
def test_logging_enabled_in_production(self, mock_logger):
"""Test that logging occurs when IS_PRODUCTION is True"""
request = self.factory.get("/test-path", **{"REMOTE_ADDR": "Unknown IP"}) # Override IP
request.user = User(username="testuser", email="testuser@example.com")
self.middleware(request) # Call middleware
mock_logger.assert_called_once_with(
"Router log | User: testuser@example.com | IP: Unknown IP | Path: /test-path"
)
@patch("logging.Logger.info")
def test_logging_disabled_in_non_production(self, mock_logger):
"""Test that logging does not occur when IS_PRODUCTION is False"""
request = self.factory.get("/test-path")
request.user = User(username="testuser", email="testuser@example.com")
self.middleware(request) # Call middleware
mock_logger.assert_not_called() # Ensure no logs are generated
@override_settings(IS_PRODUCTION=True) # Scopes change to this test only
@patch("logging.Logger.info")
def test_logging_anonymous_user(self, mock_logger):
"""Test logging for an anonymous user"""
request = self.factory.get("/anonymous-path", **{"REMOTE_ADDR": "Unknown IP"}) # Override IP
request.user = AnonymousUser() # Simulate an anonymous user
self.middleware(request) # Call middleware
mock_logger.assert_called_once_with("Router log | User: Anonymous | IP: Unknown IP | Path: /anonymous-path")

117
src/registrar/tests/test_models_domain.py
View file

@ -771,6 +771,9 @@ class TestRegistrantContacts(MockEppLib):
self.domain, _ = Domain.objects.get_or_create(name="security.gov") self.domain, _ = Domain.objects.get_or_create(name="security.gov")
# Creates a domain with an associated contact # Creates a domain with an associated contact
self.domain_contact, _ = Domain.objects.get_or_create(name="freeman.gov") self.domain_contact, _ = Domain.objects.get_or_create(name="freeman.gov")
DF = common.DiscloseField
excluded_disclose_fields = {DF.NOTIFY_EMAIL, DF.VAT, DF.IDENT}
self.all_disclose_fields = {field for field in DF} - excluded_disclose_fields
def tearDown(self): def tearDown(self):
super().tearDown() super().tearDown()
@ -807,7 +810,9 @@ class TestRegistrantContacts(MockEppLib):
contact_type=PublicContact.ContactTypeChoices.SECURITY, contact_type=PublicContact.ContactTypeChoices.SECURITY,
).registry_id ).registry_id
expectedSecContact.registry_id = id expectedSecContact.registry_id = id
expectedCreateCommand = self._convertPublicContactToEpp(expectedSecContact, disclose_email=False) expectedCreateCommand = self._convertPublicContactToEpp(
expectedSecContact, disclose=False, disclose_fields=self.all_disclose_fields
)
expectedUpdateDomain = commands.UpdateDomain( expectedUpdateDomain = commands.UpdateDomain(
name=self.domain.name, name=self.domain.name,
add=[common.DomainContact(contact=expectedSecContact.registry_id, type="security")], add=[common.DomainContact(contact=expectedSecContact.registry_id, type="security")],
@ -837,7 +842,7 @@ class TestRegistrantContacts(MockEppLib):
# self.domain.security_contact=expectedSecContact # self.domain.security_contact=expectedSecContact
expectedSecContact.save() expectedSecContact.save()
# no longer the default email it should be disclosed # no longer the default email it should be disclosed
expectedCreateCommand = self._convertPublicContactToEpp(expectedSecContact, disclose_email=True) expectedCreateCommand = self._convertPublicContactToEpp(expectedSecContact, disclose=False)
expectedUpdateDomain = commands.UpdateDomain( expectedUpdateDomain = commands.UpdateDomain(
name=self.domain.name, name=self.domain.name,
add=[common.DomainContact(contact=expectedSecContact.registry_id, type="security")], add=[common.DomainContact(contact=expectedSecContact.registry_id, type="security")],
@ -862,7 +867,9 @@ class TestRegistrantContacts(MockEppLib):
security_contact.registry_id = "fail" security_contact.registry_id = "fail"
security_contact.save() security_contact.save()
self.domain.security_contact = security_contact self.domain.security_contact = security_contact
expectedCreateCommand = self._convertPublicContactToEpp(security_contact, disclose_email=False) expectedCreateCommand = self._convertPublicContactToEpp(
security_contact, disclose=False, disclose_fields=self.all_disclose_fields
)
expectedUpdateDomain = commands.UpdateDomain( expectedUpdateDomain = commands.UpdateDomain(
name=self.domain.name, name=self.domain.name,
add=[common.DomainContact(contact=security_contact.registry_id, type="security")], add=[common.DomainContact(contact=security_contact.registry_id, type="security")],
@ -895,7 +902,7 @@ class TestRegistrantContacts(MockEppLib):
new_contact.registry_id = "fail" new_contact.registry_id = "fail"
new_contact.email = "" new_contact.email = ""
self.domain.security_contact = new_contact self.domain.security_contact = new_contact
firstCreateContactCall = self._convertPublicContactToEpp(old_contact, disclose_email=True) firstCreateContactCall = self._convertPublicContactToEpp(old_contact, disclose=False)
updateDomainAddCall = commands.UpdateDomain( updateDomainAddCall = commands.UpdateDomain(
name=self.domain.name, name=self.domain.name,
add=[common.DomainContact(contact=old_contact.registry_id, type="security")], add=[common.DomainContact(contact=old_contact.registry_id, type="security")],
@ -905,7 +912,7 @@ class TestRegistrantContacts(MockEppLib):
PublicContact.get_default_security().email, PublicContact.get_default_security().email,
) )
# this one triggers the fail # this one triggers the fail
secondCreateContact = self._convertPublicContactToEpp(new_contact, disclose_email=True) secondCreateContact = self._convertPublicContactToEpp(new_contact, disclose=False)
updateDomainRemCall = commands.UpdateDomain( updateDomainRemCall = commands.UpdateDomain(
name=self.domain.name, name=self.domain.name,
rem=[common.DomainContact(contact=old_contact.registry_id, type="security")], rem=[common.DomainContact(contact=old_contact.registry_id, type="security")],
@ -913,7 +920,9 @@ class TestRegistrantContacts(MockEppLib):
defaultSecID = PublicContact.objects.filter(domain=self.domain).get().registry_id defaultSecID = PublicContact.objects.filter(domain=self.domain).get().registry_id
default_security = PublicContact.get_default_security() default_security = PublicContact.get_default_security()
default_security.registry_id = defaultSecID default_security.registry_id = defaultSecID
createDefaultContact = self._convertPublicContactToEpp(default_security, disclose_email=False) createDefaultContact = self._convertPublicContactToEpp(
default_security, disclose=False, disclose_fields=self.all_disclose_fields
)
updateDomainWDefault = commands.UpdateDomain( updateDomainWDefault = commands.UpdateDomain(
name=self.domain.name, name=self.domain.name,
add=[common.DomainContact(contact=defaultSecID, type="security")], add=[common.DomainContact(contact=defaultSecID, type="security")],
@ -941,15 +950,15 @@ class TestRegistrantContacts(MockEppLib):
security_contact.email = "originalUserEmail@gmail.com" security_contact.email = "originalUserEmail@gmail.com"
security_contact.registry_id = "fail" security_contact.registry_id = "fail"
security_contact.save() security_contact.save()
expectedCreateCommand = self._convertPublicContactToEpp(security_contact, disclose_email=True) expectedCreateCommand = self._convertPublicContactToEpp(security_contact, disclose=False)
expectedUpdateDomain = commands.UpdateDomain( expectedUpdateDomain = commands.UpdateDomain(
name=self.domain.name, name=self.domain.name,
add=[common.DomainContact(contact=security_contact.registry_id, type="security")], add=[common.DomainContact(contact=security_contact.registry_id, type="security")],
) )
security_contact.email = "changedEmail@email.com" security_contact.email = "changedEmail@email.com"
security_contact.save() security_contact.save()
expectedSecondCreateCommand = self._convertPublicContactToEpp(security_contact, disclose_email=True) expectedSecondCreateCommand = self._convertPublicContactToEpp(security_contact, disclose=False)
updateContact = self._convertPublicContactToEpp(security_contact, disclose_email=True, createContact=False) updateContact = self._convertPublicContactToEpp(security_contact, disclose=False, createContact=False)
expected_calls = [ expected_calls = [
call(expectedCreateCommand, cleaned=True), call(expectedCreateCommand, cleaned=True),
call(expectedUpdateDomain, cleaned=True), call(expectedUpdateDomain, cleaned=True),
@ -1037,9 +1046,23 @@ class TestRegistrantContacts(MockEppLib):
for contact in contacts: for contact in contacts:
expected_contact = contact[0] expected_contact = contact[0]
actual_contact = contact[1] actual_contact = contact[1]
is_security = expected_contact.contact_type == "security" if expected_contact.contact_type == PublicContact.ContactTypeChoices.SECURITY:
expectedCreateCommand = self._convertPublicContactToEpp(expected_contact, disclose_email=is_security) disclose_fields = self.all_disclose_fields - {"email"}
# Should only be disclosed if the type is security, as the email is valid expectedCreateCommand = self._convertPublicContactToEpp(
expected_contact, disclose=False, disclose_fields=disclose_fields
)
elif expected_contact.contact_type == PublicContact.ContactTypeChoices.ADMINISTRATIVE:
disclose_fields = self.all_disclose_fields - {"name", "email", "voice", "addr"}
expectedCreateCommand = self._convertPublicContactToEpp(
expected_contact,
disclose=False,
disclose_fields=disclose_fields,
disclose_types={"addr": "loc", "name": "loc"},
)
else:
expectedCreateCommand = self._convertPublicContactToEpp(
expected_contact, disclose=False, disclose_fields=self.all_disclose_fields
)
self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True) self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True)
# The emails should match on both items # The emails should match on both items
self.assertEqual(expected_contact.email, actual_contact.email) self.assertEqual(expected_contact.email, actual_contact.email)
@ -1048,23 +1071,26 @@ class TestRegistrantContacts(MockEppLib):
with less_console_noise(): with less_console_noise():
domain, _ = Domain.objects.get_or_create(name="freeman.gov") domain, _ = Domain.objects.get_or_create(name="freeman.gov")
dummy_contact = domain.get_default_security_contact() dummy_contact = domain.get_default_security_contact()
test_disclose = self._convertPublicContactToEpp(dummy_contact, disclose_email=True).__dict__ test_disclose = self._convertPublicContactToEpp(dummy_contact, disclose=False).__dict__
test_not_disclose = self._convertPublicContactToEpp(dummy_contact, disclose_email=False).__dict__ test_not_disclose = self._convertPublicContactToEpp(dummy_contact, disclose=False).__dict__
# Separated for linter # Separated for linter
disclose_email_field = {common.DiscloseField.EMAIL} disclose_email_field = self.all_disclose_fields - {common.DiscloseField.EMAIL}
DF = common.DiscloseField
expected_disclose = { expected_disclose = {
"auth_info": common.ContactAuthInfo(pw="2fooBAR123fooBaz"), "auth_info": common.ContactAuthInfo(pw="2fooBAR123fooBaz"),
"disclose": common.Disclose(flag=True, fields=disclose_email_field, types=None), "disclose": common.Disclose(
"email": "dotgov@cisa.dhs.gov", flag=False, fields=disclose_email_field, types={DF.ADDR: "loc", DF.NAME: "loc"}
),
"email": "help@get.gov",
"extensions": [], "extensions": [],
"fax": None, "fax": None,
"id": "ThIq2NcRIDN7PauO", "id": "ThIq2NcRIDN7PauO",
"ident": None, "ident": None,
"notify_email": None, "notify_email": None,
"postal_info": common.PostalInfo( "postal_info": common.PostalInfo(
name="Registry Customer Service", name="CSD/CB Attn: .gov TLD",
addr=common.ContactAddr( addr=common.ContactAddr(
street=["4200 Wilson Blvd.", None, None], street=["1110 N. Glebe Rd", None, None],
city="Arlington", city="Arlington",
pc="22201", pc="22201",
cc="US", cc="US",
@ -1079,17 +1105,19 @@ class TestRegistrantContacts(MockEppLib):
# Separated for linter # Separated for linter
expected_not_disclose = { expected_not_disclose = {
"auth_info": common.ContactAuthInfo(pw="2fooBAR123fooBaz"), "auth_info": common.ContactAuthInfo(pw="2fooBAR123fooBaz"),
"disclose": common.Disclose(flag=False, fields=disclose_email_field, types=None), "disclose": common.Disclose(
"email": "dotgov@cisa.dhs.gov", flag=False, fields=disclose_email_field, types={DF.ADDR: "loc", DF.NAME: "loc"}
),
"email": "help@get.gov",
"extensions": [], "extensions": [],
"fax": None, "fax": None,
"id": "ThrECENCHI76PGLh", "id": "ThrECENCHI76PGLh",
"ident": None, "ident": None,
"notify_email": None, "notify_email": None,
"postal_info": common.PostalInfo( "postal_info": common.PostalInfo(
name="Registry Customer Service", name="CSD/CB Attn: .gov TLD",
addr=common.ContactAddr( addr=common.ContactAddr(
street=["4200 Wilson Blvd.", None, None], street=["1110 N. Glebe Rd", None, None],
city="Arlington", city="Arlington",
pc="22201", pc="22201",
cc="US", cc="US",
@ -1107,6 +1135,39 @@ class TestRegistrantContacts(MockEppLib):
self.assertEqual(test_disclose, expected_disclose) self.assertEqual(test_disclose, expected_disclose)
self.assertEqual(test_not_disclose, expected_not_disclose) self.assertEqual(test_not_disclose, expected_not_disclose)
@less_console_noise_decorator
def test_convert_public_contact_with_custom_fields(self):
"""Test converting a contact with custom disclosure fields."""
domain, _ = Domain.objects.get_or_create(name="freeman.gov")
dummy_contact = domain.get_default_administrative_contact()
DF = common.DiscloseField
# Create contact with multiple disclosure fields
result = self._convertPublicContactToEpp(
dummy_contact,
disclose=True,
disclose_fields={DF.EMAIL, DF.VOICE, DF.ADDR},
disclose_types={},
)
self.assertEqual(result.disclose.flag, True)
self.assertEqual(result.disclose.fields, {DF.EMAIL, DF.VOICE, DF.ADDR})
self.assertEqual(result.disclose.types, {})
@less_console_noise_decorator
def test_convert_public_contact_with_empty_fields(self):
"""Test converting a contact with empty disclosure fields."""
domain, _ = Domain.objects.get_or_create(name="freeman.gov")
dummy_contact = domain.get_default_security_contact()
DF = common.DiscloseField
# Create contact with empty fields list
result = self._convertPublicContactToEpp(dummy_contact, disclose=True, disclose_fields={DF.EMAIL})
# Verify disclosure settings
self.assertEqual(result.disclose.flag, True)
self.assertEqual(result.disclose.fields, {DF.EMAIL})
self.assertEqual(result.disclose.types, {DF.ADDR: "loc", DF.NAME: "loc"})
def test_not_disclosed_on_default_security_contact(self): def test_not_disclosed_on_default_security_contact(self):
""" """
Scenario: Registrant creates a new domain with no security email Scenario: Registrant creates a new domain with no security email
@ -1120,7 +1181,9 @@ class TestRegistrantContacts(MockEppLib):
expectedSecContact.domain = domain expectedSecContact.domain = domain
expectedSecContact.registry_id = "defaultSec" expectedSecContact.registry_id = "defaultSec"
domain.security_contact = expectedSecContact domain.security_contact = expectedSecContact
expectedCreateCommand = self._convertPublicContactToEpp(expectedSecContact, disclose_email=False) expectedCreateCommand = self._convertPublicContactToEpp(
expectedSecContact, disclose=False, disclose_fields=self.all_disclose_fields
)
self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True) self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True)
# Confirm that we are getting a default email # Confirm that we are getting a default email
self.assertEqual(domain.security_contact.email, expectedSecContact.email) self.assertEqual(domain.security_contact.email, expectedSecContact.email)
@ -1138,7 +1201,9 @@ class TestRegistrantContacts(MockEppLib):
expectedTechContact.domain = domain expectedTechContact.domain = domain
expectedTechContact.registry_id = "defaultTech" expectedTechContact.registry_id = "defaultTech"
domain.technical_contact = expectedTechContact domain.technical_contact = expectedTechContact
expectedCreateCommand = self._convertPublicContactToEpp(expectedTechContact, disclose_email=False) expectedCreateCommand = self._convertPublicContactToEpp(
expectedTechContact, disclose=False, disclose_fields=self.all_disclose_fields
)
self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True) self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True)
# Confirm that we are getting a default email # Confirm that we are getting a default email
self.assertEqual(domain.technical_contact.email, expectedTechContact.email) self.assertEqual(domain.technical_contact.email, expectedTechContact.email)
@ -1157,7 +1222,7 @@ class TestRegistrantContacts(MockEppLib):
expectedSecContact.domain = domain expectedSecContact.domain = domain
expectedSecContact.email = "security@mail.gov" expectedSecContact.email = "security@mail.gov"
domain.security_contact = expectedSecContact domain.security_contact = expectedSecContact
expectedCreateCommand = self._convertPublicContactToEpp(expectedSecContact, disclose_email=True) expectedCreateCommand = self._convertPublicContactToEpp(expectedSecContact, disclose=False)
self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True) self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True)
# Confirm that we are getting the desired email # Confirm that we are getting the desired email
self.assertEqual(domain.security_contact.email, expectedSecContact.email) self.assertEqual(domain.security_contact.email, expectedSecContact.email)

24
src/registrar/tests/test_reports.py
View file

@ -72,7 +72,7 @@ class CsvReportsTest(MockDbForSharedTests):
fake_open = mock_open() fake_open = mock_open()
expected_file_content = [ expected_file_content = [
call("Domain name,Domain type,Agency,Organization name,City,State,Security contact email\r\n"), call("Domain name,Domain type,Agency,Organization name,City,State,Security contact email\r\n"),
call("cdomain11.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\r\n"), call("cdomain11.gov,Federal,World War I Centennial Commission,,,,(blank)\r\n"),
call("cdomain1.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\r\n"), call("cdomain1.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\r\n"),
call("adomain10.gov,Federal,Armed Forces Retirement Home,,,,(blank)\r\n"), call("adomain10.gov,Federal,Armed Forces Retirement Home,,,,(blank)\r\n"),
call("ddomain3.gov,Federal,Armed Forces Retirement Home,,,,(blank)\r\n"), call("ddomain3.gov,Federal,Armed Forces Retirement Home,,,,(blank)\r\n"),
@ -94,7 +94,7 @@ class CsvReportsTest(MockDbForSharedTests):
fake_open = mock_open() fake_open = mock_open()
expected_file_content = [ expected_file_content = [
call("Domain name,Domain type,Agency,Organization name,City,State,Security contact email\r\n"), call("Domain name,Domain type,Agency,Organization name,City,State,Security contact email\r\n"),
call("cdomain11.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\r\n"), call("cdomain11.gov,Federal,World War I Centennial Commission,,,,(blank)\r\n"),
call("cdomain1.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\r\n"), call("cdomain1.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\r\n"),
call("adomain10.gov,Federal,Armed Forces Retirement Home,,,,(blank)\r\n"), call("adomain10.gov,Federal,Armed Forces Retirement Home,,,,(blank)\r\n"),
call("ddomain3.gov,Federal,Armed Forces Retirement Home,,,,(blank)\r\n"), call("ddomain3.gov,Federal,Armed Forces Retirement Home,,,,(blank)\r\n"),
@ -261,9 +261,6 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
"defaultsecurity.gov,Ready,2023-11-01,(blank),Federal - Executive," "defaultsecurity.gov,Ready,2023-11-01,(blank),Federal - Executive,"
"Portfolio 1 Federal Agency,Portfolio 1 Federal Agency,,, ,,(blank)," "Portfolio 1 Federal Agency,Portfolio 1 Federal Agency,,, ,,(blank),"
'"big_lebowski@dude.co, info@example.com, meoward@rocks.com",woofwardthethird@rocks.com\n' '"big_lebowski@dude.co, info@example.com, meoward@rocks.com",woofwardthethird@rocks.com\n'
"cdomain11.gov,Ready,2024-04-02,(blank),Federal - Executive,"
"World War I Centennial Commission,,,, ,,(blank),"
"meoward@rocks.com,\n"
"adomain10.gov,Ready,2024-04-03,(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),," "adomain10.gov,Ready,2024-04-03,(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),,"
"squeaker@rocks.com\n" "squeaker@rocks.com\n"
"bdomain4.gov,Unknown,(blank),(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),,\n" "bdomain4.gov,Unknown,(blank),(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),,\n"
@ -274,6 +271,9 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
"sdomain8.gov,Deleted,(blank),(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),,\n" "sdomain8.gov,Deleted,(blank),(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),,\n"
"xdomain7.gov,Deleted,(blank),(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),,\n" "xdomain7.gov,Deleted,(blank),(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),,\n"
"zdomain9.gov,Deleted,(blank),(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),,\n" "zdomain9.gov,Deleted,(blank),(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),,\n"
"cdomain11.gov,Ready,2024-04-02,(blank),Federal,"
"World War I Centennial Commission,,,, ,,(blank),"
"meoward@rocks.com,\n"
"zdomain12.gov,Ready,2024-04-02,(blank),Interstate,,,,, ,,(blank),meoward@rocks.com,\n" "zdomain12.gov,Ready,2024-04-02,(blank),Interstate,,,,, ,,(blank),meoward@rocks.com,\n"
) )
@ -498,7 +498,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
# sorted alphabetially by domain name # sorted alphabetially by domain name
expected_content = ( expected_content = (
"Domain name,Domain type,Agency,Organization name,City,State,Security contact email\n" "Domain name,Domain type,Agency,Organization name,City,State,Security contact email\n"
"cdomain11.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\n" "cdomain11.gov,Federal,World War I Centennial Commission,,,,(blank)\n"
"defaultsecurity.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\n" "defaultsecurity.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\n"
"adomain10.gov,Federal,Armed Forces Retirement Home,,,,(blank)\n" "adomain10.gov,Federal,Armed Forces Retirement Home,,,,(blank)\n"
"ddomain3.gov,Federal,Armed Forces Retirement Home,,,,security@mail.gov\n" "ddomain3.gov,Federal,Armed Forces Retirement Home,,,,security@mail.gov\n"
@ -538,7 +538,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
# sorted alphabetially by domain name # sorted alphabetially by domain name
expected_content = ( expected_content = (
"Domain name,Domain type,Agency,Organization name,City,State,Security contact email\n" "Domain name,Domain type,Agency,Organization name,City,State,Security contact email\n"
"cdomain11.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\n" "cdomain11.gov,Federal,World War I Centennial Commission,,,,(blank)\n"
"defaultsecurity.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\n" "defaultsecurity.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\n"
"adomain10.gov,Federal,Armed Forces Retirement Home,,,,(blank)\n" "adomain10.gov,Federal,Armed Forces Retirement Home,,,,(blank)\n"
"ddomain3.gov,Federal,Armed Forces Retirement Home,,,,security@mail.gov\n" "ddomain3.gov,Federal,Armed Forces Retirement Home,,,,security@mail.gov\n"
@ -594,7 +594,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
"State,Status,Expiration date, Deleted\n" "State,Status,Expiration date, Deleted\n"
"cdomain1.gov,Federal-Executive,Portfolio1FederalAgency,Portfolio1FederalAgency,Ready,(blank)\n" "cdomain1.gov,Federal-Executive,Portfolio1FederalAgency,Portfolio1FederalAgency,Ready,(blank)\n"
"adomain10.gov,Federal,ArmedForcesRetirementHome,Ready,(blank)\n" "adomain10.gov,Federal,ArmedForcesRetirementHome,Ready,(blank)\n"
"cdomain11.gov,Federal-Executive,WorldWarICentennialCommission,Ready,(blank)\n" "cdomain11.gov,Federal,WorldWarICentennialCommission,Ready,(blank)\n"
"zdomain12.gov,Interstate,Ready,(blank)\n" "zdomain12.gov,Interstate,Ready,(blank)\n"
"zdomain9.gov,Federal,ArmedForcesRetirementHome,Deleted,(blank),2024-04-01\n" "zdomain9.gov,Federal,ArmedForcesRetirementHome,Deleted,(blank),2024-04-01\n"
"sdomain8.gov,Federal,ArmedForcesRetirementHome,Deleted,(blank),2024-04-02\n" "sdomain8.gov,Federal,ArmedForcesRetirementHome,Deleted,(blank),2024-04-02\n"
@ -642,7 +642,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
"3,2,1,0,0,0,0,0,0,0\n" "3,2,1,0,0,0,0,0,0,0\n"
"\n" "\n"
"Domain name,Domain type,Domain managers,Invited domain managers\n" "Domain name,Domain type,Domain managers,Invited domain managers\n"
"cdomain11.gov,Federal - Executive,meoward@rocks.com,\n" "cdomain11.gov,Federal,meoward@rocks.com,\n"
'cdomain1.gov,Federal - Executive,"big_lebowski@dude.co, info@example.com, meoward@rocks.com",' 'cdomain1.gov,Federal - Executive,"big_lebowski@dude.co, info@example.com, meoward@rocks.com",'
"woofwardthethird@rocks.com\n" "woofwardthethird@rocks.com\n"
"zdomain12.gov,Interstate,meoward@rocks.com,\n" "zdomain12.gov,Interstate,meoward@rocks.com,\n"
@ -716,7 +716,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
expected_content = ( expected_content = (
"Domain request,Domain type,Federal type\n" "Domain request,Domain type,Federal type\n"
"city3.gov,Federal,Executive\n" "city3.gov,Federal,Executive\n"
"city4.gov,City,Executive\n" "city4.gov,City,\n"
"city6.gov,Federal,Executive\n" "city6.gov,Federal,Executive\n"
) )
@ -783,7 +783,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
"SO last name,SO email,SO title/role,Request purpose,Request additional details,Other contacts," "SO last name,SO email,SO title/role,Request purpose,Request additional details,Other contacts,"
"CISA regional representative,Current websites,Investigator\n" "CISA regional representative,Current websites,Investigator\n"
# Content # Content
"city5.gov,Approved,Federal,No,Executive,,Testorg,N/A,,NY,2,requested_suborg,SanFran,CA,,,,,1,0," "city5.gov,Approved,Federal,No,,,Testorg,N/A,,NY,2,requested_suborg,SanFran,CA,,,,,1,0,"
"city1.gov,Testy,Tester,testy@town.com,Chief Tester,Purpose of the site,There is more," "city1.gov,Testy,Tester,testy@town.com,Chief Tester,Purpose of the site,There is more,"
"Testy Tester testy2@town.com,,city.com,\n" "Testy Tester testy2@town.com,,city.com,\n"
"city2.gov,In review,Federal,Yes,Executive,Portfolio 1 Federal Agency,Portfolio 1 Federal Agency," "city2.gov,In review,Federal,Yes,Executive,Portfolio 1 Federal Agency,Portfolio 1 Federal Agency,"
@ -795,7 +795,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
'There is more,"Meow Tester24 te2@town.com, Testy1232 Tester24 te2@town.com, ' 'There is more,"Meow Tester24 te2@town.com, Testy1232 Tester24 te2@town.com, '
'Testy Tester testy2@town.com",' 'Testy Tester testy2@town.com",'
'test@igorville.com,"city.com, https://www.example2.com, https://www.example.com",\n' 'test@igorville.com,"city.com, https://www.example2.com, https://www.example.com",\n'
"city4.gov,Submitted,City,No,Executive,,Testorg,Yes,,NY,2,,,,,,,,0,1,city1.gov,Testy," "city4.gov,Submitted,City,No,,,Testorg,Yes,,NY,2,,,,,,,,0,1,city1.gov,Testy,"
"Tester,testy@town.com," "Tester,testy@town.com,"
"Chief Tester,Purpose of the site,CISA-first-name CISA-last-name | There is more," "Chief Tester,Purpose of the site,CISA-first-name CISA-last-name | There is more,"
"Testy Tester testy2@town.com," "Testy Tester testy2@town.com,"

91
src/registrar/tests/test_views_domain.py
View file

@ -1084,8 +1084,8 @@ class TestDomainManagers(TestDomainOverview):
@boto3_mocking.patching @boto3_mocking.patching
@less_console_noise_decorator @less_console_noise_decorator
@patch("registrar.views.domain.send_templated_email") @patch("registrar.views.domain.send_domain_manager_removal_emails_to_domain_managers")
def test_domain_remove_manager(self, mock_send_templated_email): def test_domain_remove_manager(self, mock_send_email):
"""Removing a domain manager sends notification email to other domain managers.""" """Removing a domain manager sends notification email to other domain managers."""
self.manager, _ = User.objects.get_or_create(email="mayor@igorville.com", first_name="Hello", last_name="World") self.manager, _ = User.objects.get_or_create(email="mayor@igorville.com", first_name="Hello", last_name="World")
self.manager_domain_permission, _ = UserDomainRole.objects.get_or_create(user=self.manager, domain=self.domain) self.manager_domain_permission, _ = UserDomainRole.objects.get_or_create(user=self.manager, domain=self.domain)
@ -1094,11 +1094,11 @@ class TestDomainManagers(TestDomainOverview):
) )
# Verify that the notification emails were sent to domain manager # Verify that the notification emails were sent to domain manager
mock_send_templated_email.assert_called_once_with( mock_send_email.assert_called_once_with(
"emails/domain_manager_deleted_notification.txt", removed_by_user=self.user,
"emails/domain_manager_deleted_notification_subject.txt", manager_removed=self.manager,
to_address="info@example.com", manager_removed_email=self.manager.email,
context=ANY, domain=self.domain,
) )
@less_console_noise_decorator @less_console_noise_decorator
@ -2547,8 +2547,8 @@ class TestDomainDNSSEC(TestDomainOverview):
domain DNSSEC data and shows a button to Add new record""" domain DNSSEC data and shows a button to Add new record"""
page = self.client.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dnssec_none.id})) page = self.client.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dnssec_none.id}))
self.assertContains(page, "You have no DS data added") self.assertEqual(page.status_code, 200)
self.assertContains(page, "Add new record") self.assertContains(page, "Add DS record")
@less_console_noise_decorator @less_console_noise_decorator
def test_ds_form_loads_with_ds_data(self): def test_ds_form_loads_with_ds_data(self):
@ -2556,26 +2556,8 @@ class TestDomainDNSSEC(TestDomainOverview):
domain DNSSEC DS data and shows the data""" domain DNSSEC DS data and shows the data"""
page = self.client.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dsdata.id})) page = self.client.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dsdata.id}))
self.assertContains(page, "DS data record 1") self.assertContains(page, "Add DS record") # assert add form is present
self.assertContains(page, "Action") # assert table is present
@less_console_noise_decorator
def test_ds_data_form_modal(self):
"""When user clicks on save, a modal pops up."""
add_data_page = self.app.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dsdata.id}))
# Assert that a hidden trigger for the modal does not exist.
# This hidden trigger will pop on the page when certain condition are met:
# 1) Initial form contained DS data, 2) All data is deleted and form is
# submitted.
self.assertNotContains(add_data_page, "Trigger Disable DNSSEC Modal")
# Simulate a delete all data
form_data = {}
response = self.client.post(
reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dsdata.id}),
data=form_data,
)
self.assertEqual(response.status_code, 200) # Adjust status code as needed
# Now check to see whether the JS trigger for the modal is present on the page
self.assertContains(response, "Trigger Disable DNSSEC Modal")
@less_console_noise_decorator @less_console_noise_decorator
def test_ds_data_form_submits(self): def test_ds_data_form_submits(self):
@ -2620,6 +2602,32 @@ class TestDomainDNSSEC(TestDomainOverview):
self.assertContains(result, "Digest type is required", count=2, status_code=200) self.assertContains(result, "Digest type is required", count=2, status_code=200)
self.assertContains(result, "Digest is required", count=2, status_code=200) self.assertContains(result, "Digest is required", count=2, status_code=200)
@less_console_noise_decorator
def test_ds_data_form_duplicate(self):
"""DS data form errors with invalid data (duplicate DS)
Uses self.app WebTest because we need to interact with forms.
"""
add_data_page = self.app.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dsdata.id}))
session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
# all four form fields are required, so will test with each blank
add_data_page.forms[0]["form-0-key_tag"] = 1234
add_data_page.forms[0]["form-0-algorithm"] = 3
add_data_page.forms[0]["form-0-digest_type"] = 1
add_data_page.forms[0]["form-0-digest"] = "ec0bdd990b39feead889f0ba613db4adec0bdd99"
add_data_page.forms[0]["form-1-key_tag"] = 1234
add_data_page.forms[0]["form-1-algorithm"] = 3
add_data_page.forms[0]["form-1-digest_type"] = 1
add_data_page.forms[0]["form-1-digest"] = "ec0bdd990b39feead889f0ba613db4adec0bdd99"
result = add_data_page.forms[0].submit()
# form submission was a post with an error, response should be a 200
# error text appears twice, once at the top of the page, once around
# the field.
self.assertContains(
result, "You already entered this DS record. DS records must be unique.", count=2, status_code=200
)
@less_console_noise_decorator @less_console_noise_decorator
def test_ds_data_form_invalid_keytag(self): def test_ds_data_form_invalid_keytag(self):
"""DS data form errors with invalid data (key tag too large) """DS data form errors with invalid data (key tag too large)
@ -2643,6 +2651,29 @@ class TestDomainDNSSEC(TestDomainOverview):
result, str(DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_SIZE)), count=2, status_code=200 result, str(DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_SIZE)), count=2, status_code=200
) )
@less_console_noise_decorator
def test_ds_data_form_invalid_keytag_chars(self):
"""DS data form errors with invalid data (key tag not numeric)
Uses self.app WebTest because we need to interact with forms.
"""
add_data_page = self.app.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dsdata.id}))
session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
# first two nameservers are required, so if we empty one out we should
# get a form error
add_data_page.forms[0]["form-0-key_tag"] = "invalid" # not numeric
add_data_page.forms[0]["form-0-algorithm"] = ""
add_data_page.forms[0]["form-0-digest_type"] = ""
add_data_page.forms[0]["form-0-digest"] = ""
result = add_data_page.forms[0].submit()
# form submission was a post with an error, response should be a 200
# error text appears twice, once at the top of the page, once around
# the field.
self.assertContains(
result, str(DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_CHARS)), count=2, status_code=200
)
@less_console_noise_decorator @less_console_noise_decorator
def test_ds_data_form_invalid_digest_chars(self): def test_ds_data_form_invalid_digest_chars(self):
"""DS data form errors with invalid data (digest contains non hexadecimal chars) """DS data form errors with invalid data (digest contains non hexadecimal chars)
@ -2698,8 +2729,6 @@ class TestDomainDNSSEC(TestDomainOverview):
add_data_page = self.app.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dsdata.id})) add_data_page = self.app.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dsdata.id}))
session_id = self.app.cookies[settings.SESSION_COOKIE_NAME] session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id) self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
# first two nameservers are required, so if we empty one out we should
# get a form error
add_data_page.forms[0]["form-0-key_tag"] = "1234" add_data_page.forms[0]["form-0-key_tag"] = "1234"
add_data_page.forms[0]["form-0-algorithm"] = "3" add_data_page.forms[0]["form-0-algorithm"] = "3"
add_data_page.forms[0]["form-0-digest_type"] = "2" # SHA-256 add_data_page.forms[0]["form-0-digest_type"] = "2" # SHA-256

182
src/registrar/tests/test_views_portfolio.py
View file

@ -376,8 +376,8 @@ class TestPortfolio(WebTest):
self.assertContains(page, "Non-Federal Agency") self.assertContains(page, "Non-Federal Agency")
@less_console_noise_decorator @less_console_noise_decorator
def test_domain_org_name_address_form(self): def test_org_form_invalid_update(self):
"""Submitting changes works on the org name address page.""" """Organization form will not redirect on invalid formsets."""
with override_flag("organization_feature", active=True): with override_flag("organization_feature", active=True):
self.app.set_user(self.user.username) self.app.set_user(self.user.username)
portfolio_additional_permissions = [ portfolio_additional_permissions = [
@ -398,11 +398,79 @@ class TestPortfolio(WebTest):
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id) self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
success_result_page = portfolio_org_name_page.form.submit() success_result_page = portfolio_org_name_page.form.submit()
# Form will not validate with missing required field (zipcode)
self.assertEqual(success_result_page.status_code, 200) self.assertEqual(success_result_page.status_code, 200)
self.assertContains(success_result_page, "6 Downing st") self.assertContains(success_result_page, "6 Downing st")
self.assertContains(success_result_page, "London") self.assertContains(success_result_page, "London")
@less_console_noise_decorator
def test_org_form_valid_update(self):
"""Organization form will redirect on valid formsets."""
with override_flag("organization_feature", active=True):
self.app.set_user(self.user.username)
portfolio_additional_permissions = [
UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
]
portfolio_permission, _ = UserPortfolioPermission.objects.get_or_create(
user=self.user, portfolio=self.portfolio, additional_permissions=portfolio_additional_permissions
)
self.portfolio.address_line1 = "1600 Penn Ave"
self.portfolio.save()
portfolio_org_name_page = self.app.get(reverse("organization"))
session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
# Form validates and redirects with all required fields
portfolio_org_name_page.form["address_line1"] = "6 Downing st"
portfolio_org_name_page.form["city"] = "London"
portfolio_org_name_page.form["zipcode"] = "11111"
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
success_result_page = portfolio_org_name_page.form.submit()
self.assertEqual(success_result_page.status_code, 302)
@boto3_mocking.patching
@less_console_noise_decorator
@patch("registrar.views.portfolios.send_portfolio_update_emails_to_portfolio_admins")
def test_org_update_sends_admin_email(self, mock_send_organization_update_email):
"""Updating organization information emails organization admin."""
with override_flag("organization_feature", active=True):
self.app.set_user(self.user.username)
self.admin, _ = User.objects.get_or_create(
email="mayor@igorville.com", first_name="Hello", last_name="World"
)
portfolio_additional_permissions = [
UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
]
portfolio_permission, _ = UserPortfolioPermission.objects.get_or_create(
user=self.user, portfolio=self.portfolio, additional_permissions=portfolio_additional_permissions
)
portfolio_permission_admin, _ = UserPortfolioPermission.objects.get_or_create(
user=self.admin,
portfolio=self.portfolio,
additional_permissions=portfolio_additional_permissions,
roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
)
self.portfolio.address_line1 = "1600 Penn Ave"
self.portfolio.save()
portfolio_org_name_page = self.app.get(reverse("organization"))
session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
portfolio_org_name_page.form["address_line1"] = "6 Downing st"
portfolio_org_name_page.form["city"] = "London"
portfolio_org_name_page.form["zipcode"] = "11111"
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
success_result_page = portfolio_org_name_page.form.submit()
self.assertEqual(success_result_page.status_code, 302)
# Verify that the notification emails were sent to domain manager
mock_send_organization_update_email.assert_called_once()
@less_console_noise_decorator @less_console_noise_decorator
def test_portfolio_in_session_when_organization_feature_active(self): def test_portfolio_in_session_when_organization_feature_active(self):
"""When organization_feature flag is true and user has a portfolio, """When organization_feature flag is true and user has a portfolio,
@ -1657,16 +1725,19 @@ class TestPortfolioMemberDeleteView(WebTest):
self.user = create_test_user() self.user = create_test_user()
self.domain, _ = Domain.objects.get_or_create(name="igorville.gov") self.domain, _ = Domain.objects.get_or_create(name="igorville.gov")
self.portfolio, _ = Portfolio.objects.get_or_create(creator=self.user, organization_name="Hotel California") self.portfolio, _ = Portfolio.objects.get_or_create(creator=self.user, organization_name="Hotel California")
self.domain_information, _ = DomainInformation.objects.get_or_create(
creator=self.user, domain=self.domain, portfolio=self.portfolio
)
self.role, _ = UserDomainRole.objects.get_or_create( self.role, _ = UserDomainRole.objects.get_or_create(
user=self.user, domain=self.domain, role=UserDomainRole.Roles.MANAGER user=self.user, domain=self.domain, role=UserDomainRole.Roles.MANAGER
) )
def tearDown(self): def tearDown(self):
UserPortfolioPermission.objects.all().delete() UserPortfolioPermission.objects.all().delete()
DomainInformation.objects.all().delete()
Portfolio.objects.all().delete() Portfolio.objects.all().delete()
UserDomainRole.objects.all().delete() UserDomainRole.objects.all().delete()
DomainRequest.objects.all().delete() DomainRequest.objects.all().delete()
DomainInformation.objects.all().delete()
Domain.objects.all().delete() Domain.objects.all().delete()
User.objects.all().delete() User.objects.all().delete()
super().tearDown() super().tearDown()
@ -1676,7 +1747,10 @@ class TestPortfolioMemberDeleteView(WebTest):
@override_flag("organization_members", active=True) @override_flag("organization_members", active=True)
@patch("registrar.views.portfolios.send_portfolio_admin_removal_emails") @patch("registrar.views.portfolios.send_portfolio_admin_removal_emails")
@patch("registrar.views.portfolios.send_portfolio_member_permission_remove_email") @patch("registrar.views.portfolios.send_portfolio_member_permission_remove_email")
def test_portfolio_member_delete_view_members_table_active_requests(self, send_member_removal, send_removal_emails): @patch("registrar.views.portfolios.send_domain_manager_removal_emails_to_domain_managers")
def test_portfolio_member_delete_view_members_table_active_requests(
self, send_domain_manager_removal_emails, send_member_removal, send_removal_emails
):
"""Error state w/ deleting a member with active request on Members Table""" """Error state w/ deleting a member with active request on Members Table"""
# I'm a user # I'm a user
UserPortfolioPermission.objects.get_or_create( UserPortfolioPermission.objects.get_or_create(
@ -1718,13 +1792,18 @@ class TestPortfolioMemberDeleteView(WebTest):
send_removal_emails.assert_not_called() send_removal_emails.assert_not_called()
# assert that send_portfolio_member_permission_remove_email is not called # assert that send_portfolio_member_permission_remove_email is not called
send_member_removal.assert_not_called() send_member_removal.assert_not_called()
# assert that send_domain_manager_removal_emails is not called
send_domain_manager_removal_emails.assert_not_called()
@less_console_noise_decorator @less_console_noise_decorator
@override_flag("organization_feature", active=True) @override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True) @override_flag("organization_members", active=True)
@patch("registrar.views.portfolios.send_portfolio_admin_removal_emails") @patch("registrar.views.portfolios.send_portfolio_admin_removal_emails")
@patch("registrar.views.portfolios.send_portfolio_member_permission_remove_email") @patch("registrar.views.portfolios.send_portfolio_member_permission_remove_email")
def test_portfolio_member_delete_view_members_table_only_admin(self, send_member_removal, send_removal_emails): @patch("registrar.views.portfolios.send_domain_manager_removal_emails_to_domain_managers")
def test_portfolio_member_delete_view_members_table_only_admin(
self, send_domain_manager_removal_emails, send_member_removal, send_removal_emails
):
"""Error state w/ deleting a member that's the only admin on Members Table""" """Error state w/ deleting a member that's the only admin on Members Table"""
# I'm a user with admin permission # I'm a user with admin permission
@ -1757,13 +1836,18 @@ class TestPortfolioMemberDeleteView(WebTest):
send_removal_emails.assert_not_called() send_removal_emails.assert_not_called()
# assert that send_portfolio_member_permission_remove_email is not called # assert that send_portfolio_member_permission_remove_email is not called
send_member_removal.assert_not_called() send_member_removal.assert_not_called()
# assert that send_domain_manager_removal_emails is not called
send_domain_manager_removal_emails.assert_not_called()
@less_console_noise_decorator @less_console_noise_decorator
@override_flag("organization_feature", active=True) @override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True) @override_flag("organization_members", active=True)
@patch("registrar.views.portfolios.send_portfolio_admin_removal_emails") @patch("registrar.views.portfolios.send_portfolio_admin_removal_emails")
@patch("registrar.views.portfolios.send_portfolio_member_permission_remove_email") @patch("registrar.views.portfolios.send_portfolio_member_permission_remove_email")
def test_portfolio_member_table_delete_member_success(self, send_member_removal, mock_send_removal_emails): @patch("registrar.views.portfolios.send_domain_manager_removal_emails_to_domain_managers")
def test_portfolio_member_table_delete_member_success(
self, send_domain_manager_removal_emails, send_member_removal, mock_send_removal_emails
):
"""Success state with deleting on Members Table page bc no active request AND not only admin""" """Success state with deleting on Members Table page bc no active request AND not only admin"""
# I'm a user # I'm a user
@ -1788,6 +1872,9 @@ class TestPortfolioMemberDeleteView(WebTest):
roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER], roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER],
) )
# Set up the member as a domain manager
UserDomainRole.objects.get_or_create(user=member, domain=self.domain, role=UserDomainRole.Roles.MANAGER)
# Member removal email sent successfully # Member removal email sent successfully
send_member_removal.return_value = True send_member_removal.return_value = True
@ -1815,6 +1902,8 @@ class TestPortfolioMemberDeleteView(WebTest):
mock_send_removal_emails.assert_not_called() mock_send_removal_emails.assert_not_called()
# assert that send_portfolio_member_permission_remove_email is called # assert that send_portfolio_member_permission_remove_email is called
send_member_removal.assert_called_once() send_member_removal.assert_called_once()
# assert that send_domain_manager_removal_emails_to_domain_managers
send_domain_manager_removal_emails.assert_called_once()
# Get the arguments passed to send_portfolio_member_permission_remove_email # Get the arguments passed to send_portfolio_member_permission_remove_email
_, called_kwargs = send_member_removal.call_args _, called_kwargs = send_member_removal.call_args
@ -1824,6 +1913,15 @@ class TestPortfolioMemberDeleteView(WebTest):
self.assertEqual(called_kwargs["permissions"].user, upp.user) self.assertEqual(called_kwargs["permissions"].user, upp.user)
self.assertEqual(called_kwargs["permissions"].portfolio, upp.portfolio) self.assertEqual(called_kwargs["permissions"].portfolio, upp.portfolio)
# Get the arguments passed to send_domain_manager_removal_emails_to_domain_managers
_, called_kwargs = send_domain_manager_removal_emails.call_args
# Assert the email content
self.assertEqual(called_kwargs["removed_by_user"], self.user)
self.assertEqual(called_kwargs["manager_removed"], upp.user)
self.assertEqual(called_kwargs["manager_removed_email"], upp.user.email)
self.assertEqual(called_kwargs["domain"], self.domain)
@less_console_noise_decorator @less_console_noise_decorator
@override_flag("organization_feature", active=True) @override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True) @override_flag("organization_members", active=True)
@ -2639,7 +2737,8 @@ class TestPortfolioMemberDomainsEditView(TestWithUser, WebTest):
@override_flag("organization_feature", active=True) @override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True) @override_flag("organization_members", active=True)
@patch("registrar.views.portfolios.send_domain_invitation_email") @patch("registrar.views.portfolios.send_domain_invitation_email")
def test_post_with_valid_added_domains(self, mock_send_domain_email): @patch("registrar.views.portfolios.send_domain_manager_removal_emails_to_domain_managers")
def test_post_with_valid_added_domains(self, send_domain_manager_removal_emails, mock_send_domain_email):
"""Test that domains can be successfully added.""" """Test that domains can be successfully added."""
self.client.force_login(self.user) self.client.force_login(self.user)
@ -2658,6 +2757,8 @@ class TestPortfolioMemberDomainsEditView(TestWithUser, WebTest):
self.assertEqual(str(messages[0]), "The domain assignment changes have been saved.") self.assertEqual(str(messages[0]), "The domain assignment changes have been saved.")
expected_domains = [self.domain1, self.domain2, self.domain3] expected_domains = [self.domain1, self.domain2, self.domain3]
# assert that send_domain_manager_removal_emails_to_domain_managers is not called
send_domain_manager_removal_emails.assert_not_called()
# Verify that the invitation email was sent # Verify that the invitation email was sent
mock_send_domain_email.assert_called_once() mock_send_domain_email.assert_called_once()
call_args = mock_send_domain_email.call_args.kwargs call_args = mock_send_domain_email.call_args.kwargs
@ -2670,7 +2771,8 @@ class TestPortfolioMemberDomainsEditView(TestWithUser, WebTest):
@override_flag("organization_feature", active=True) @override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True) @override_flag("organization_members", active=True)
@patch("registrar.views.portfolios.send_domain_invitation_email") @patch("registrar.views.portfolios.send_domain_invitation_email")
def test_post_with_valid_removed_domains(self, mock_send_domain_email): @patch("registrar.views.portfolios.send_domain_manager_removal_emails_to_domain_managers")
def test_post_with_valid_removed_domains(self, send_domain_manager_removal_emails, mock_send_domain_email):
"""Test that domains can be successfully removed.""" """Test that domains can be successfully removed."""
self.client.force_login(self.user) self.client.force_login(self.user)
@ -2678,6 +2780,8 @@ class TestPortfolioMemberDomainsEditView(TestWithUser, WebTest):
domains = [self.domain1, self.domain2, self.domain3] domains = [self.domain1, self.domain2, self.domain3]
UserDomainRole.objects.bulk_create([UserDomainRole(domain=domain, user=self.user) for domain in domains]) UserDomainRole.objects.bulk_create([UserDomainRole(domain=domain, user=self.user) for domain in domains])
send_domain_manager_removal_emails.return_value = True
data = { data = {
"removed_domains": json.dumps([self.domain1.id, self.domain2.id]), "removed_domains": json.dumps([self.domain1.id, self.domain2.id]),
} }
@ -2694,7 +2798,19 @@ class TestPortfolioMemberDomainsEditView(TestWithUser, WebTest):
self.assertEqual(str(messages[0]), "The domain assignment changes have been saved.") self.assertEqual(str(messages[0]), "The domain assignment changes have been saved.")
# assert that send_domain_invitation_email is not called # assert that send_domain_invitation_email is not called
mock_send_domain_email.assert_not_called() mock_send_domain_email.assert_not_called()
# assert that send_domain_manager_removal_emails_to_domain_managers is called twice
send_domain_manager_removal_emails.assert_any_call(
removed_by_user=self.user,
manager_removed=self.portfolio_permission.user,
manager_removed_email=self.portfolio_permission.user.email,
domain=self.domain1,
)
send_domain_manager_removal_emails.assert_any_call(
removed_by_user=self.user,
manager_removed=self.portfolio_permission.user,
manager_removed_email=self.portfolio_permission.user.email,
domain=self.domain2,
)
UserDomainRole.objects.all().delete() UserDomainRole.objects.all().delete()
@less_console_noise_decorator @less_console_noise_decorator
@ -3930,17 +4046,59 @@ class TestPortfolioInviteNewMemberView(MockEppLib, WebTest):
response = self.client.post( response = self.client.post(
reverse("new-member"), reverse("new-member"),
{ {
"role": UserPortfolioRoleChoices.ORGANIZATION_MEMBER.value, "role": UserPortfolioRoleChoices.ORGANIZATION_ADMIN,
"domain_request_permission_member": UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS.value,
"email": self.user.email, "email": self.user.email,
}, },
follow=True,
) )
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
with open("debug_response.html", "w") as f:
f.write(response.content.decode("utf-8"))
# Verify messages # Verify messages
self.assertContains( self.assertContains(
response, response,
f"{self.user.email} is already a member of another .gov organization.", "User is already a member of this portfolio.",
)
# Validate Database has not changed
invite_count_after = PortfolioInvitation.objects.count()
self.assertEqual(invite_count_after, invite_count_before)
# assert that send_portfolio_invitation_email is not called
mock_send_email.assert_not_called()
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
@patch("registrar.views.portfolios.send_portfolio_invitation_email")
def test_member_invite_for_existing_member_uppercase(self, mock_send_email):
"""Tests the member invitation flow for existing portfolio member with a different case."""
self.client.force_login(self.user)
# Simulate a session to ensure continuity
session_id = self.client.session.session_key
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
invite_count_before = PortfolioInvitation.objects.count()
# Simulate submission of member invite for user who has already been invited
response = self.client.post(
reverse("new-member"),
{
"role": UserPortfolioRoleChoices.ORGANIZATION_ADMIN,
"email": self.user.email.upper(),
},
follow=True,
)
self.assertEqual(response.status_code, 200)
with open("debug_response.html", "w") as f:
f.write(response.content.decode("utf-8"))
# Verify messages
self.assertContains(
response,
"User is already a member of this portfolio.",
) )
# Validate Database has not changed # Validate Database has not changed

67
src/registrar/tests/test_views_request.py
View file

@ -2550,7 +2550,7 @@ class DomainRequestTests(TestWithUser, WebTest):
# @less_console_noise_decorator # @less_console_noise_decorator
@override_flag("organization_feature", active=True) @override_flag("organization_feature", active=True)
def test_domain_request_dotgov_domain_FEB_questions(self): def test_domain_request_FEB_questions(self):
""" """
Test that for a member of a federal executive branch portfolio with org feature on, the dotgov domain page Test that for a member of a federal executive branch portfolio with org feature on, the dotgov domain page
contains additional questions for OMB. contains additional questions for OMB.
@ -2612,7 +2612,6 @@ class DomainRequestTests(TestWithUser, WebTest):
# separate out these tests for readability # separate out these tests for readability
self.feb_dotgov_domain_tests(dotgov_page) self.feb_dotgov_domain_tests(dotgov_page)
# Now proceed with the actual test
domain_form = dotgov_page.forms[0] domain_form = dotgov_page.forms[0]
domain = "test.gov" domain = "test.gov"
domain_form["dotgov_domain-requested_domain"] = domain domain_form["dotgov_domain-requested_domain"] = domain
@ -2630,6 +2629,36 @@ class DomainRequestTests(TestWithUser, WebTest):
self.feb_purpose_page_tests(purpose_page) self.feb_purpose_page_tests(purpose_page)
purpose_form = purpose_page.forms[0]
purpose_form["purpose-feb_purpose_choice"] = "redirect"
purpose_form["purpose-purpose"] = "test"
purpose_form["purpose-has_timeframe"] = "True"
purpose_form["purpose-time_frame_details"] = "test"
purpose_form["purpose-is_interagency_initiative"] = "True"
purpose_form["purpose-interagency_initiative_details"] = "test"
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
purpose_result = purpose_form.submit()
# ---- ADDITIONAL DETAILS PAGE ----
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
additional_details_page = purpose_result.follow()
self.feb_additional_details_page_tests(additional_details_page)
additional_details_form = additional_details_page.forms[0]
additional_details_form["portfolio_additional_details-working_with_eop"] = "True"
additional_details_form["portfolio_additional_details-first_name"] = "Testy"
additional_details_form["portfolio_additional_details-last_name"] = "Tester"
additional_details_form["portfolio_additional_details-email"] = "testy@town.com"
additional_details_form["portfolio_additional_details-has_anything_else_text"] = "True"
additional_details_form["portfolio_additional_details-anything_else"] = "test"
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
additional_details_result = additional_details_form.submit()
# ---- REQUIREMENTS PAGE ----
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
requirements_page = additional_details_result.follow()
self.feb_requirements_page_tests(requirements_page)
def feb_purpose_page_tests(self, purpose_page): def feb_purpose_page_tests(self, purpose_page):
self.assertContains(purpose_page, "What is the purpose of your requested domain?") self.assertContains(purpose_page, "What is the purpose of your requested domain?")
@ -2670,6 +2699,40 @@ class DomainRequestTests(TestWithUser, WebTest):
# Check that the details form was included # Check that the details form was included
self.assertContains(dotgov_page, "feb_naming_requirements_details") self.assertContains(dotgov_page, "feb_naming_requirements_details")
def feb_additional_details_page_tests(self, additional_details_page):
test_text = "Are you working with someone in the Executive Office of the President (EOP) on this request?"
self.assertContains(additional_details_page, test_text)
# Make sure the EOP form is present
self.assertContains(additional_details_page, "working_with_eop")
# Make sure the EOP contact form is present
self.assertContains(additional_details_page, "eop-contact-container")
self.assertContains(additional_details_page, "additional_details-first_name")
self.assertContains(additional_details_page, "additional_details-last_name")
self.assertContains(additional_details_page, "additional_details-email")
# Make sure the additional details form is present
self.assertContains(additional_details_page, "additional_details-has_anything_else_text")
self.assertContains(additional_details_page, "additional_details-anything_else")
def feb_requirements_page_tests(self, requirements_page):
# Check for the 21st Century IDEA Act links
self.assertContains(
requirements_page, "https://digital.gov/resources/delivering-digital-first-public-experience-act/"
)
self.assertContains(
requirements_page,
"https://bidenwhitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf", # noqa
)
# Check for the policy acknowledgement form
self.assertContains(requirements_page, "is_policy_acknowledged")
self.assertContains(
requirements_page,
"I read and understand the guidance outlined in the DOTGOV Act for operating a .gov domain.",
)
@less_console_noise_decorator @less_console_noise_decorator
def test_domain_request_formsets(self): def test_domain_request_formsets(self):
"""Users are able to add more than one of some fields.""" """Users are able to add more than one of some fields."""

8
src/registrar/utility/admin_helpers.py
View file

@ -1,4 +1,5 @@
from registrar.models.domain_request import DomainRequest from registrar.models.domain_request import DomainRequest
from django.conf import settings
from django.template.loader import get_template from django.template.loader import get_template
from django.utils.html import format_html from django.utils.html import format_html
from django.urls import reverse from django.urls import reverse
@ -35,8 +36,13 @@ def _get_default_email(domain_request, file_path, reason, excluded_reasons=None)
return None return None
recipient = domain_request.creator recipient = domain_request.creator
env_base_url = settings.BASE_URL
# If NOT in prod, update instances of "manage.get.gov" links to point to
# current environment, ie "getgov-rh.app.cloud.gov"
manage_url = env_base_url if not settings.IS_PRODUCTION else "https://manage.get.gov"
# Return the context of the rendered views # Return the context of the rendered views
context = {"domain_request": domain_request, "recipient": recipient, "reason": reason} context = {"domain_request": domain_request, "recipient": recipient, "reason": reason, "manage_url": manage_url}
email_body_text = get_template(file_path).render(context=context) email_body_text = get_template(file_path).render(context=context)
email_body_text_cleaned = email_body_text.strip().lstrip("\n") if email_body_text else None email_body_text_cleaned = email_body_text.strip().lstrip("\n") if email_body_text else None

10
src/registrar/utility/csv_export.py
View file

@ -579,8 +579,8 @@ class DomainExport(BaseExport):
Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False), Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False),
then=F("portfolio__federal_agency__federal_type"), then=F("portfolio__federal_agency__federal_type"),
), ),
# Otherwise, return the natively assigned value # Otherwise, return the federal type from federal agency
default=F("federal_type"), default=F("federal_agency__federal_type"),
output_field=CharField(), output_field=CharField(),
), ),
"converted_organization_name": Case( "converted_organization_name": Case(
@ -740,7 +740,7 @@ class DomainExport(BaseExport):
domain_type = f"{human_readable_domain_org_type} - {human_readable_domain_federal_type}" domain_type = f"{human_readable_domain_org_type} - {human_readable_domain_federal_type}"
security_contact_email = model.get("security_contact_email") security_contact_email = model.get("security_contact_email")
invalid_emails = {DefaultEmail.LEGACY_DEFAULT.value, DefaultEmail.PUBLIC_CONTACT_DEFAULT.value} invalid_emails = DefaultEmail.get_all_emails()
if ( if (
not security_contact_email not security_contact_email
or not isinstance(security_contact_email, str) or not isinstance(security_contact_email, str)
@ -1654,8 +1654,8 @@ class DomainRequestExport(BaseExport):
Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False), Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False),
then=F("portfolio__federal_agency__federal_type"), then=F("portfolio__federal_agency__federal_type"),
), ),
# Otherwise, return the natively assigned value # Otherwise, return the federal type from federal agency
default=F("federal_type"), default=F("federal_agency__federal_type"),
output_field=CharField(), output_field=CharField(),
), ),
"converted_organization_name": Case( "converted_organization_name": Case(

261
src/registrar/utility/email_invitations.py
View file

@ -3,6 +3,7 @@ from django.conf import settings
from registrar.models import Domain, DomainInvitation, UserDomainRole from registrar.models import Domain, DomainInvitation, UserDomainRole
from registrar.models.portfolio import Portfolio from registrar.models.portfolio import Portfolio
from registrar.models.portfolio_invitation import PortfolioInvitation from registrar.models.portfolio_invitation import PortfolioInvitation
from registrar.models.user import User
from registrar.models.user_portfolio_permission import UserPortfolioPermission from registrar.models.user_portfolio_permission import UserPortfolioPermission
from registrar.models.utility.portfolio_helper import UserPortfolioRoleChoices from registrar.models.utility.portfolio_helper import UserPortfolioRoleChoices
from registrar.utility.errors import ( from registrar.utility.errors import (
@ -18,6 +19,88 @@ import logging
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
def _normalize_domains(domains: Domain | list[Domain]) -> list[Domain]:
"""Ensures domains is always a list."""
return [domains] if isinstance(domains, Domain) else domains
def _get_requestor_email(requestor, domains=None, portfolio=None):
"""Get the requestor's email or raise an error if it's missing.
If the requestor is staff, default email is returned.
Raises:
MissingEmailError
"""
if requestor.is_staff:
return settings.DEFAULT_FROM_EMAIL
if not requestor.email or requestor.email.strip() == "":
domain_names = None
if domains:
domain_names = ", ".join([domain.name for domain in domains])
raise MissingEmailError(email=requestor.email, domain=domain_names, portfolio=portfolio)
return requestor.email
def _validate_invitation(email, user, domains, requestor, is_member_of_different_org):
"""Validate the invitation conditions."""
_check_outside_org_membership(email, requestor, is_member_of_different_org)
for domain in domains:
_validate_existing_invitation(email, user, domain)
# NOTE: should we also be validating against existing user_domain_roles
def _check_outside_org_membership(email, requestor, is_member_of_different_org):
"""Raise an error if the email belongs to a different organization."""
if (
flag_is_active_for_user(requestor, "organization_feature")
and not flag_is_active_for_user(requestor, "multiple_portfolios")
and is_member_of_different_org
):
raise OutsideOrgMemberError(email=email)
def _validate_existing_invitation(email, user, domain):
"""Check for existing invitations and handle their status."""
try:
invite = DomainInvitation.objects.get(email=email, domain=domain)
if invite.status == DomainInvitation.DomainInvitationStatus.RETRIEVED:
raise AlreadyDomainManagerError(email)
elif invite.status == DomainInvitation.DomainInvitationStatus.CANCELED:
invite.update_cancellation_status()
invite.save()
else:
raise AlreadyDomainInvitedError(email)
except DomainInvitation.DoesNotExist:
pass
if user:
if UserDomainRole.objects.filter(user=user, domain=domain).exists():
raise AlreadyDomainManagerError(email)
def _send_domain_invitation_email(email, requestor_email, domains, requested_user):
"""Send the invitation email."""
try:
send_templated_email(
"emails/domain_invitation.txt",
"emails/domain_invitation_subject.txt",
to_address=email,
context={
"domains": domains,
"requestor_email": requestor_email,
"invitee_email_address": email,
"requested_user": requested_user,
},
)
except EmailSendingError as err:
domain_names = ", ".join([domain.name for domain in domains])
raise EmailSendingError(f"Could not send email invitation to {email} for domains: {domain_names}") from err
def send_domain_invitation_email( def send_domain_invitation_email(
email: str, requestor, domains: Domain | list[Domain], is_member_of_different_org, requested_user=None email: str, requestor, domains: Domain | list[Domain], is_member_of_different_org, requested_user=None
): ):
@ -46,12 +129,12 @@ def send_domain_invitation_email(
_validate_invitation(email, requested_user, domains, requestor, is_member_of_different_org) _validate_invitation(email, requested_user, domains, requestor, is_member_of_different_org)
send_invitation_email(email, requestor_email, domains, requested_user) _send_domain_invitation_email(email, requestor_email, domains, requested_user)
all_manager_emails_sent = True all_manager_emails_sent = True
# send emails to domain managers # send emails to domain managers
for domain in domains: for domain in domains:
if not send_emails_to_domain_managers( if not _send_domain_invitation_update_emails_to_domain_managers(
email=email, email=email,
requestor_email=requestor_email, requestor_email=requestor_email,
domain=domain, domain=domain,
@ -62,7 +145,9 @@ def send_domain_invitation_email(
return all_manager_emails_sent return all_manager_emails_sent
def send_emails_to_domain_managers(email: str, requestor_email, domain: Domain, requested_user=None): def _send_domain_invitation_update_emails_to_domain_managers(
email: str, requestor_email, domain: Domain, requested_user=None
):
""" """
Notifies all domain managers of the provided domain of a change Notifies all domain managers of the provided domain of a change
@ -96,86 +181,54 @@ def send_emails_to_domain_managers(email: str, requestor_email, domain: Domain,
return all_emails_sent return all_emails_sent
def _normalize_domains(domains: Domain | list[Domain]) -> list[Domain]: def send_domain_manager_removal_emails_to_domain_managers(
"""Ensures domains is always a list.""" removed_by_user: User,
return [domains] if isinstance(domains, Domain) else domains manager_removed: User,
manager_removed_email: str,
domain: Domain,
def _get_requestor_email(requestor, domains=None, portfolio=None): ):
"""Get the requestor's email or raise an error if it's missing.
If the requestor is staff, default email is returned.
Raises:
MissingEmailError
""" """
if requestor.is_staff: Notifies all domain managers that a domain manager has been removed.
return settings.DEFAULT_FROM_EMAIL
if not requestor.email or requestor.email.strip() == "": Args:
domain_names = None removed_by_user(User): The user who initiated the removal.
if domains: manager_removed(User): The user being removed.
domain_names = ", ".join([domain.name for domain in domains]) manager_removed_email(str): The email of the user being removed (in case no User).
raise MissingEmailError(email=requestor.email, domain=domain_names, portfolio=portfolio) domain(Domain): The domain the user is being removed from.
return requestor.email Returns:
Boolean indicating if all messages were sent successfully.
"""
def _validate_invitation(email, user, domains, requestor, is_member_of_different_org): all_emails_sent = True
"""Validate the invitation conditions.""" # Get each domain manager from list
check_outside_org_membership(email, requestor, is_member_of_different_org) user_domain_roles = UserDomainRole.objects.filter(domain=domain)
if manager_removed:
for domain in domains: user_domain_roles = user_domain_roles.exclude(user=manager_removed)
_validate_existing_invitation(email, user, domain) for user_domain_role in user_domain_roles:
# Send email to each domain manager
# NOTE: should we also be validating against existing user_domain_roles user = user_domain_role.user
try:
send_templated_email(
def check_outside_org_membership(email, requestor, is_member_of_different_org): "emails/domain_manager_deleted_notification.txt",
"""Raise an error if the email belongs to a different organization.""" "emails/domain_manager_deleted_notification_subject.txt",
if ( to_address=user.email,
flag_is_active_for_user(requestor, "organization_feature") context={
and not flag_is_active_for_user(requestor, "multiple_portfolios") "domain": domain,
and is_member_of_different_org "removed_by": removed_by_user,
): "manager_removed_email": manager_removed_email,
raise OutsideOrgMemberError(email=email) "date": date.today(),
},
)
def _validate_existing_invitation(email, user, domain): except EmailSendingError:
"""Check for existing invitations and handle their status.""" logger.warning(
try: "Could not send notification email to %s for domain %s",
invite = DomainInvitation.objects.get(email=email, domain=domain) user.email,
if invite.status == DomainInvitation.DomainInvitationStatus.RETRIEVED: domain.name,
raise AlreadyDomainManagerError(email) exc_info=True,
elif invite.status == DomainInvitation.DomainInvitationStatus.CANCELED: )
invite.update_cancellation_status() all_emails_sent = False
invite.save() return all_emails_sent
else:
raise AlreadyDomainInvitedError(email)
except DomainInvitation.DoesNotExist:
pass
if user:
if UserDomainRole.objects.filter(user=user, domain=domain).exists():
raise AlreadyDomainManagerError(email)
def send_invitation_email(email, requestor_email, domains, requested_user):
"""Send the invitation email."""
try:
send_templated_email(
"emails/domain_invitation.txt",
"emails/domain_invitation_subject.txt",
to_address=email,
context={
"domains": domains,
"requestor_email": requestor_email,
"invitee_email_address": email,
"requested_user": requested_user,
},
)
except EmailSendingError as err:
domain_names = ", ".join([domain.name for domain in domains])
raise EmailSendingError(f"Could not send email invitation to {email} for domains: {domain_names}") from err
def send_portfolio_invitation_email(email: str, requestor, portfolio, is_admin_invitation): def send_portfolio_invitation_email(email: str, requestor, portfolio, is_admin_invitation):
@ -227,6 +280,56 @@ def send_portfolio_invitation_email(email: str, requestor, portfolio, is_admin_i
return all_admin_emails_sent return all_admin_emails_sent
def send_portfolio_update_emails_to_portfolio_admins(editor, portfolio, updated_page):
"""
Sends an email notification to all portfolio admin when portfolio organization is updated.
Raises exceptions for validation or email-sending issues.
Args:
editor (User): The user editing the portfolio organization.
portfolio (Portfolio): The portfolio object whose organization information is changed.
Returns:
Boolean indicating if all messages were sent successfully.
Raises:
MissingEmailError: If the requestor has no email associated with their account.
EmailSendingError: If there is an error while sending the email.
"""
all_emails_sent = True
# Get each portfolio admin from list
user_portfolio_permissions = UserPortfolioPermission.objects.filter(
portfolio=portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
)
for user_portfolio_permission in user_portfolio_permissions:
# Send email to each portfolio_admin
user = user_portfolio_permission.user
try:
send_templated_email(
"emails/portfolio_org_update_notification.txt",
"emails/portfolio_org_update_notification_subject.txt",
to_address=user.email,
context={
"requested_user": user,
"portfolio": portfolio,
"editor": editor,
"portfolio_admin": user,
"date": date.today(),
"updated_info": updated_page,
},
)
except EmailSendingError:
logger.warning(
"Could not send email organization admin notification to %s " "for portfolio: %s",
user.email,
portfolio,
exc_info=True,
)
all_emails_sent = False
return all_emails_sent
def send_portfolio_member_permission_update_email(requestor, permissions: UserPortfolioPermission): def send_portfolio_member_permission_update_email(requestor, permissions: UserPortfolioPermission):
""" """
Sends an email notification to a portfolio member when their permissions are updated. Sends an email notification to a portfolio member when their permissions are updated.

16
src/registrar/utility/enums.py
View file

@ -29,18 +29,26 @@ class LogCode(Enum):
DEFAULT = 5 DEFAULT = 5
class DefaultEmail(Enum): class DefaultEmail(StrEnum):
"""Stores the string values of default emails """Stores the string values of default emails
Overview of emails: Overview of emails:
- PUBLIC_CONTACT_DEFAULT: "dotgov@cisa.dhs.gov" - PUBLIC_CONTACT_DEFAULT: "help@get.gov"
- OLD_PUBLIC_CONTACT_DEFAULT: "dotgov@cisa.dhs.gov"
- LEGACY_DEFAULT: "registrar@dotgov.gov" - LEGACY_DEFAULT: "registrar@dotgov.gov"
- HELP_EMAIL: "help@get.gov"
""" """
PUBLIC_CONTACT_DEFAULT = "dotgov@cisa.dhs.gov" PUBLIC_CONTACT_DEFAULT = "help@get.gov"
# We used to use this email for default public contacts.
# This is retained for data correctness, but it will be phased out.
# help@get.gov is the current email that we use for these now.
OLD_PUBLIC_CONTACT_DEFAULT = "dotgov@cisa.dhs.gov"
LEGACY_DEFAULT = "registrar@dotgov.gov" LEGACY_DEFAULT = "registrar@dotgov.gov"
@classmethod
def get_all_emails(cls):
return [email for email in cls]
class DefaultUserValues(StrEnum): class DefaultUserValues(StrEnum):
"""Stores default values for a default user. """Stores default values for a default user.

5
src/registrar/utility/errors.py
View file

@ -241,6 +241,7 @@ class DsDataErrorCodes(IntEnum):
- 3 INVALID_DIGEST_SHA256 invalid digest for digest type SHA-256 - 3 INVALID_DIGEST_SHA256 invalid digest for digest type SHA-256
- 4 INVALID_DIGEST_CHARS invalid chars in digest - 4 INVALID_DIGEST_CHARS invalid chars in digest
- 5 INVALID_KEYTAG_SIZE invalid key tag size > 65535 - 5 INVALID_KEYTAG_SIZE invalid key tag size > 65535
- 6 INVALID_KEYTAG_CHARS invalid key tag, not numeric
""" """
BAD_DATA = 1 BAD_DATA = 1
@ -248,6 +249,7 @@ class DsDataErrorCodes(IntEnum):
INVALID_DIGEST_SHA256 = 3 INVALID_DIGEST_SHA256 = 3
INVALID_DIGEST_CHARS = 4 INVALID_DIGEST_CHARS = 4
INVALID_KEYTAG_SIZE = 5 INVALID_KEYTAG_SIZE = 5
INVALID_KEYTAG_CHARS = 6
class DsDataError(Exception): class DsDataError(Exception):
@ -263,7 +265,8 @@ class DsDataError(Exception):
DsDataErrorCodes.INVALID_DIGEST_SHA1: ("SHA-1 digest must be exactly 40 characters."), DsDataErrorCodes.INVALID_DIGEST_SHA1: ("SHA-1 digest must be exactly 40 characters."),
DsDataErrorCodes.INVALID_DIGEST_SHA256: ("SHA-256 digest must be exactly 64 characters."), DsDataErrorCodes.INVALID_DIGEST_SHA256: ("SHA-256 digest must be exactly 64 characters."),
DsDataErrorCodes.INVALID_DIGEST_CHARS: ("Digest must contain only alphanumeric characters (0-9, a-f)."), DsDataErrorCodes.INVALID_DIGEST_CHARS: ("Digest must contain only alphanumeric characters (0-9, a-f)."),
DsDataErrorCodes.INVALID_KEYTAG_SIZE: ("Key tag must be less than 65535."), DsDataErrorCodes.INVALID_KEYTAG_SIZE: ("Enter a number between 0 and 65535."),
DsDataErrorCodes.INVALID_KEYTAG_CHARS: ("Key tag must be numeric (0-9)."),
} }
def __init__(self, *args, code=None, **kwargs): def __init__(self, *args, code=None, **kwargs):

87
src/registrar/views/domain.py
View file

@ -68,7 +68,11 @@ from epplibwrapper import (
) )
from ..utility.email import send_templated_email, EmailSendingError from ..utility.email import send_templated_email, EmailSendingError
from ..utility.email_invitations import send_domain_invitation_email, send_portfolio_invitation_email from ..utility.email_invitations import (
send_domain_invitation_email,
send_domain_manager_removal_emails_to_domain_managers,
send_portfolio_invitation_email,
)
from django import forms from django import forms
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -398,7 +402,7 @@ class DomainView(DomainBaseView):
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs) context = super().get_context_data(**kwargs)
default_emails = [DefaultEmail.PUBLIC_CONTACT_DEFAULT.value, DefaultEmail.LEGACY_DEFAULT.value] default_emails = DefaultEmail.get_all_emails()
context["hidden_security_emails"] = default_emails context["hidden_security_emails"] = default_emails
@ -456,7 +460,7 @@ class DomainRenewalView(DomainBaseView):
context = super().get_context_data(**kwargs) context = super().get_context_data(**kwargs)
default_emails = [DefaultEmail.PUBLIC_CONTACT_DEFAULT.value, DefaultEmail.LEGACY_DEFAULT.value] default_emails = DefaultEmail.get_all_emails()
context["hidden_security_emails"] = default_emails context["hidden_security_emails"] = default_emails
@ -1060,10 +1064,6 @@ class DomainDsDataView(DomainFormBaseView):
for record in dnssecdata.dsData for record in dnssecdata.dsData
) )
# Ensure at least 1 record, filled or empty
while len(initial_data) == 0:
initial_data.append({})
return initial_data return initial_data
def get_success_url(self): def get_success_url(self):
@ -1082,29 +1082,8 @@ class DomainDsDataView(DomainFormBaseView):
"""Formset submission posts to this view.""" """Formset submission posts to this view."""
self._get_domain(request) self._get_domain(request)
formset = self.get_form() formset = self.get_form()
override = False
# This is called by the form cancel button, if formset.is_valid():
# and also by the modal's X and cancel buttons
if "btn-cancel-click" in request.POST:
url = self.get_success_url()
return HttpResponseRedirect(url)
# This is called by the Disable DNSSEC modal to override
if "disable-override-click" in request.POST:
override = True
# This is called when all DNSSEC data has been deleted and the
# Save button is pressed
if len(formset) == 0 and formset.initial != [{}] and override is False:
# trigger the modal
# get context data from super() rather than self
# to preserve the context["form"]
context = super().get_context_data(form=formset)
context["trigger_modal"] = True
return self.render_to_response(context)
if formset.is_valid() or override:
return self.form_valid(formset) return self.form_valid(formset)
else: else:
return self.form_invalid(formset) return self.form_invalid(formset)
@ -1116,11 +1095,12 @@ class DomainDsDataView(DomainFormBaseView):
dnssecdata = extensions.DNSSECExtension() dnssecdata = extensions.DNSSECExtension()
for form in formset: for form in formset:
if form.cleaned_data.get("DELETE"): # Check if form is marked for deletion
continue # Skip processing this form
try: try:
# if 'delete' not in form.cleaned_data
# or form.cleaned_data['delete'] == False:
dsrecord = { dsrecord = {
"keyTag": form.cleaned_data["key_tag"], "keyTag": int(form.cleaned_data["key_tag"]),
"alg": int(form.cleaned_data["algorithm"]), "alg": int(form.cleaned_data["algorithm"]),
"digestType": int(form.cleaned_data["digest_type"]), "digestType": int(form.cleaned_data["digest_type"]),
"digest": form.cleaned_data["digest"], "digest": form.cleaned_data["digest"],
@ -1166,7 +1146,7 @@ class DomainSecurityEmailView(DomainFormBaseView):
initial = super().get_initial() initial = super().get_initial()
security_contact = self.object.security_contact security_contact = self.object.security_contact
invalid_emails = [DefaultEmail.PUBLIC_CONTACT_DEFAULT.value, DefaultEmail.LEGACY_DEFAULT.value] invalid_emails = DefaultEmail.get_all_emails()
if security_contact is None or security_contact.email in invalid_emails: if security_contact is None or security_contact.email in invalid_emails:
initial["security_email"] = None initial["security_email"] = None
return initial return initial
@ -1474,48 +1454,17 @@ class DomainDeleteUserView(DeleteView):
super().form_valid(form) super().form_valid(form)
# Email all domain managers that domain manager has been removed # Email all domain managers that domain manager has been removed
domain = self.object.domain send_domain_manager_removal_emails_to_domain_managers(
removed_by_user=self.request.user,
context = { manager_removed=self.object.user,
"domain": domain, manager_removed_email=self.object.user.email,
"removed_by": self.request.user, domain=self.object.domain,
"manager_removed": self.object.user,
"date": date.today(),
"changes": "Domain Manager",
}
self.email_domain_managers(
domain,
"emails/domain_manager_deleted_notification.txt",
"emails/domain_manager_deleted_notification_subject.txt",
context,
) )
# Add a success message # Add a success message
messages.success(self.request, self.get_success_message()) messages.success(self.request, self.get_success_message())
return redirect(self.get_success_url()) return redirect(self.get_success_url())
def email_domain_managers(self, domain: Domain, template: str, subject_template: str, context={}):
manager_pks = UserDomainRole.objects.filter(domain=domain.pk, role=UserDomainRole.Roles.MANAGER).values_list(
"user", flat=True
)
emails = list(User.objects.filter(pk__in=manager_pks).values_list("email", flat=True))
for email in emails:
try:
send_templated_email(
template,
subject_template,
to_address=email,
context=context,
)
except EmailSendingError:
logger.warning(
"Could not send notification email to %s for domain %s",
email,
domain.name,
exc_info=True,
)
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
"""Custom post implementation to ensure last userdomainrole is not removed and to """Custom post implementation to ensure last userdomainrole is not removed and to
redirect to home in the event that the user deletes themselves""" redirect to home in the event that the user deletes themselves"""

74
src/registrar/views/domain_request.py
View file

@ -227,7 +227,6 @@ class DomainRequestWizard(TemplateView):
creator=self.request.user, creator=self.request.user,
portfolio=portfolio, portfolio=portfolio,
) )
# Question for reviewers: we should probably be doing this right? # Question for reviewers: we should probably be doing this right?
if portfolio and not self._domain_request.generic_org_type: if portfolio and not self._domain_request.generic_org_type:
self._domain_request.generic_org_type = portfolio.organization_type self._domain_request.generic_org_type = portfolio.organization_type
@ -598,14 +597,55 @@ class RequestingEntity(DomainRequestWizard):
"suborganization_state_territory": None, "suborganization_state_territory": None,
} }
) )
super().save(forms) super().save(forms)
class PortfolioAdditionalDetails(DomainRequestWizard): class PortfolioAdditionalDetails(DomainRequestWizard):
template_name = "portfolio_domain_request_additional_details.html" template_name = "portfolio_domain_request_additional_details.html"
forms = [forms.PortfolioAnythingElseForm] forms = [
feb.WorkingWithEOPYesNoForm,
feb.EOPContactForm,
feb.FEBAnythingElseYesNoForm,
forms.PortfolioAnythingElseForm,
]
def get_context_data(self):
context = super().get_context_data()
context["requires_feb_questions"] = self.requires_feb_questions()
return context
def is_valid(self, forms: list) -> bool:
"""
Validates the forms for portfolio additional details.
Expected order of forms_list:
0: WorkingWithEOPYesNoForm
1: EOPContactForm
2: FEBAnythingElseYesNoForm
3: PortfolioAnythingElseForm
"""
eop_forms_valid = True
if not forms[0].is_valid():
# If the user isn't working with EOP, don't validate the EOP contact form
forms[1].mark_form_for_deletion()
eop_forms_valid = False
if forms[0].cleaned_data.get("working_with_eop"):
eop_forms_valid = forms[1].is_valid()
else:
forms[1].mark_form_for_deletion()
anything_else_forms_valid = True
if not forms[2].is_valid():
forms[3].mark_form_for_deletion()
anything_else_forms_valid = False
if forms[2].cleaned_data.get("has_anything_else_text"):
forms[3].fields["anything_else"].required = True
forms[3].fields["anything_else"].error_messages[
"required"
] = "Please provide additional details you'd like us to know. \
If you have nothing to add, select 'No'."
anything_else_forms_valid = forms[3].is_valid()
return eop_forms_valid and anything_else_forms_valid
# Non-portfolio pages # Non-portfolio pages
@ -889,6 +929,29 @@ class Requirements(DomainRequestWizard):
template_name = "domain_request_requirements.html" template_name = "domain_request_requirements.html"
forms = [forms.RequirementsForm] forms = [forms.RequirementsForm]
def get_context_data(self):
context = super().get_context_data()
context["requires_feb_questions"] = self.requires_feb_questions()
return context
# Override the get_forms method to set the policy acknowledgement label conditionally based on feb status
def get_forms(self, step=None, use_post=False, use_db=False, files=None):
forms_list = super().get_forms(step, use_post, use_db, files)
# Pass the is_federal context to the form
for form in forms_list:
if isinstance(form, forms.RequirementsForm):
if self.requires_feb_questions():
form.fields["is_policy_acknowledged"].label = (
"I read and understand the guidance outlined in the DOTGOV Act for operating a .gov domain." # noqa: E501
)
else:
form.fields["is_policy_acknowledged"].label = (
"I read and agree to the requirements for operating a .gov domain." # noqa: E501
)
return forms_list
class Review(DomainRequestWizard): class Review(DomainRequestWizard):
template_name = "domain_request_review.html" template_name = "domain_request_review.html"
@ -901,6 +964,7 @@ class Review(DomainRequestWizard):
context = super().get_context_data() context = super().get_context_data()
context["Step"] = self.get_step_enum().__members__ context["Step"] = self.get_step_enum().__members__
context["domain_request"] = self.domain_request context["domain_request"] = self.domain_request
context["requires_feb_questions"] = self.requires_feb_questions()
return context return context
def goto_next_step(self): def goto_next_step(self):
@ -931,11 +995,9 @@ class Finished(DomainRequestWizard):
forms = [] # type: ignore forms = [] # type: ignore
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
context = self.get_context_data()
context["domain_request_id"] = self.domain_request.id
# clean up this wizard session, because we are done with it # clean up this wizard session, because we are done with it
del self.storage del self.storage
return render(self.request, self.template_name, context) return render(self.request, self.template_name)
@grant_access(IS_DOMAIN_REQUEST_CREATOR, HAS_PORTFOLIO_DOMAIN_REQUESTS_EDIT) @grant_access(IS_DOMAIN_REQUEST_CREATOR, HAS_PORTFOLIO_DOMAIN_REQUESTS_EDIT)

136
src/registrar/views/portfolios.py
View file

@ -29,12 +29,14 @@ from registrar.models.utility.portfolio_helper import UserPortfolioPermissionCho
from registrar.utility.email import EmailSendingError from registrar.utility.email import EmailSendingError
from registrar.utility.email_invitations import ( from registrar.utility.email_invitations import (
send_domain_invitation_email, send_domain_invitation_email,
send_domain_manager_removal_emails_to_domain_managers,
send_portfolio_admin_addition_emails, send_portfolio_admin_addition_emails,
send_portfolio_admin_removal_emails, send_portfolio_admin_removal_emails,
send_portfolio_invitation_email, send_portfolio_invitation_email,
send_portfolio_invitation_remove_email, send_portfolio_invitation_remove_email,
send_portfolio_member_permission_remove_email, send_portfolio_member_permission_remove_email,
send_portfolio_member_permission_update_email, send_portfolio_member_permission_update_email,
send_portfolio_update_emails_to_portfolio_admins,
) )
from registrar.utility.errors import MissingEmailError from registrar.utility.errors import MissingEmailError
from registrar.utility.enums import DefaultUserValues from registrar.utility.enums import DefaultUserValues
@ -193,6 +195,31 @@ class PortfolioMemberDeleteView(View):
messages.warning( messages.warning(
request, f"Could not send email notification to {portfolio_member_permission.user.email}" request, f"Could not send email notification to {portfolio_member_permission.user.email}"
) )
# Notify domain managers for domains which the member is being removed from
# Get list of portfolio domains that the member is invited to:
invited_domains = Domain.objects.filter(
invitations__email=portfolio_member_permission.user.email,
domain_info__portfolio=portfolio_member_permission.portfolio,
invitations__status=DomainInvitation.DomainInvitationStatus.INVITED,
).distinct()
# Get list of portfolio domains that the member is a manager of
domains = Domain.objects.filter(
permissions__user=portfolio_member_permission.user,
domain_info__portfolio=portfolio_member_permission.portfolio,
).distinct()
# Combine both querysets while ensuring uniqueness
all_domains = domains.union(invited_domains)
for domain in all_domains:
if not send_domain_manager_removal_emails_to_domain_managers(
removed_by_user=request.user,
manager_removed=portfolio_member_permission.user,
manager_removed_email=portfolio_member_permission.user.email,
domain=domain,
):
messages.warning(
request, "Could not send email notification to existing domain managers for %s", domain
)
except Exception as e: except Exception as e:
self._handle_exceptions(e) self._handle_exceptions(e)
@ -432,6 +459,20 @@ class PortfolioMemberDomainsEditView(DetailView, View):
Processes removed domains by deleting corresponding UserDomainRole instances. Processes removed domains by deleting corresponding UserDomainRole instances.
""" """
if removed_domain_ids: if removed_domain_ids:
# Notify domain managers for domains which the member is being removed from
# Fetch Domain objects from removed_domain_ids
removed_domains = Domain.objects.filter(id__in=removed_domain_ids)
# need to get the domains from removed_domain_ids
for domain in removed_domains:
if not send_domain_manager_removal_emails_to_domain_managers(
removed_by_user=self.request.user,
manager_removed=member,
manager_removed_email=member.email,
domain=domain,
):
messages.warning(
self.request, "Could not send email notification to existing domain managers for %s", domain
)
# Delete UserDomainRole instances for removed domains # Delete UserDomainRole instances for removed domains
UserDomainRole.objects.filter(domain_id__in=removed_domain_ids, user=member).delete() UserDomainRole.objects.filter(domain_id__in=removed_domain_ids, user=member).delete()
@ -502,6 +543,31 @@ class PortfolioInvitedMemberDeleteView(View):
messages.warning(self.request, "Could not send email notification to existing organization admins.") messages.warning(self.request, "Could not send email notification to existing organization admins.")
if not send_portfolio_invitation_remove_email(requestor=request.user, invitation=portfolio_invitation): if not send_portfolio_invitation_remove_email(requestor=request.user, invitation=portfolio_invitation):
messages.warning(request, f"Could not send email notification to {portfolio_invitation.email}") messages.warning(request, f"Could not send email notification to {portfolio_invitation.email}")
# Notify domain managers for domains which the invited member is being removed from
# Get list of portfolio domains that the invited member is invited to:
invited_domains = Domain.objects.filter(
invitations__email=portfolio_invitation.email,
domain_info__portfolio=portfolio_invitation.portfolio,
invitations__status=DomainInvitation.DomainInvitationStatus.INVITED,
).distinct()
# Get list of portfolio domains that the member is a manager of
domains = Domain.objects.filter(
permissions__user__email=portfolio_invitation.email,
domain_info__portfolio=portfolio_invitation.portfolio,
).distinct()
# Combine both querysets while ensuring uniqueness
all_domains = domains.union(invited_domains)
for domain in all_domains:
if not send_domain_manager_removal_emails_to_domain_managers(
removed_by_user=request.user,
manager_removed=None,
manager_removed_email=portfolio_invitation.email,
domain=domain,
):
messages.warning(
request, "Could not send email notification to existing domain managers for %s", domain
)
except Exception as e: except Exception as e:
self._handle_exceptions(e) self._handle_exceptions(e)
@ -740,6 +806,21 @@ class PortfolioInvitedMemberDomainsEditView(DetailView, View):
if not removed_domain_ids: if not removed_domain_ids:
return return
# Notify domain managers for domains which the member is being removed from
# Fetch Domain objects from removed_domain_ids
removed_domains = Domain.objects.filter(id__in=removed_domain_ids)
# need to get the domains from removed_domain_ids
for domain in removed_domains:
if not send_domain_manager_removal_emails_to_domain_managers(
removed_by_user=self.request.user,
manager_removed=None,
manager_removed_email=email,
domain=domain,
):
messages.warning(
self.request, "Could not send email notification to existing domain managers for %s", domain
)
# Update invitations from INVITED to CANCELED # Update invitations from INVITED to CANCELED
DomainInvitation.objects.filter( DomainInvitation.objects.filter(
domain_id__in=removed_domain_ids, domain_id__in=removed_domain_ids,
@ -850,6 +931,20 @@ class PortfolioOrganizationView(DetailView, FormMixin):
self.object = self.get_object() self.object = self.get_object()
form = self.get_form() form = self.get_form()
if form.is_valid(): if form.is_valid():
user = request.user
try:
if not send_portfolio_update_emails_to_portfolio_admins(
editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Organization"
):
messages.warning(self.request, "Could not send email notification to all organization admins.")
except Exception as e:
messages.error(
request,
f"An unexpected error occurred: {str(e)}. If the issue persists, "
f"please contact {DefaultUserValues.HELP_EMAIL}.",
)
logger.error(f"An unexpected error occurred: {str(e)}.", exc_info=True)
return None
return self.form_valid(form) return self.form_valid(form)
else: else:
return self.form_invalid(form) return self.form_invalid(form)
@ -902,6 +997,45 @@ class PortfolioSeniorOfficialView(DetailView, FormMixin):
form = self.get_form() form = self.get_form()
return self.render_to_response(self.get_context_data(form=form)) return self.render_to_response(self.get_context_data(form=form))
def post(self, request, *args, **kwargs):
"""Handle POST requests to process form submission."""
self.object = self.get_object()
form = self.get_form()
if form.is_valid():
user = request.user
try:
if not send_portfolio_update_emails_to_portfolio_admins(
editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Senior Official"
):
messages.warning(self.request, "Could not send email notification to all organization admins.")
except Exception as e:
messages.error(
request,
f"An unexpected error occurred: {str(e)}. If the issue persists, "
f"please contact {DefaultUserValues.HELP_EMAIL}.",
)
logger.error(f"An unexpected error occurred: {str(e)}.", exc_info=True)
return None
return self.form_valid(form)
else:
return self.form_invalid(form)
def form_valid(self, form):
"""Handle the case when the form is valid."""
self.object = form.save(commit=False)
self.object.creator = self.request.user
self.object.save()
messages.success(self.request, "The senior official information for this portfolio has been updated.")
return super().form_valid(form)
def form_invalid(self, form):
"""Handle the case when the form is invalid."""
return self.render_to_response(self.get_context_data(form=form))
def get_success_url(self):
"""Redirect to the overview page for the portfolio."""
return reverse("senior-official")
@grant_access(HAS_PORTFOLIO_MEMBERS_ANY_PERM) @grant_access(HAS_PORTFOLIO_MEMBERS_ANY_PERM)
class PortfolioMembersView(View): class PortfolioMembersView(View):
@ -970,7 +1104,7 @@ class PortfolioAddMemberView(DetailView, FormMixin):
portfolio = form.cleaned_data["portfolio"] portfolio = form.cleaned_data["portfolio"]
is_admin_invitation = UserPortfolioRoleChoices.ORGANIZATION_ADMIN in form.cleaned_data["roles"] is_admin_invitation = UserPortfolioRoleChoices.ORGANIZATION_ADMIN in form.cleaned_data["roles"]
requested_user = User.objects.filter(email=requested_email).first() requested_user = User.objects.filter(email__iexact=requested_email).first()
permission_exists = UserPortfolioPermission.objects.filter(user=requested_user, portfolio=portfolio).exists() permission_exists = UserPortfolioPermission.objects.filter(user=requested_user, portfolio=portfolio).exists()
try: try:
if not requested_user or not permission_exists: if not requested_user or not permission_exists:

20
src/registrar/views/report_views.py
View file

@ -6,7 +6,7 @@ from django.shortcuts import render
from django.contrib import admin from django.contrib import admin
from django.db.models import Avg, F from django.db.models import Avg, F
from registrar.decorators import ALL, HAS_PORTFOLIO_MEMBERS_VIEW, IS_STAFF, grant_access from registrar.decorators import ALL, HAS_PORTFOLIO_MEMBERS_VIEW, IS_CISA_ANALYST, IS_FULL_ACCESS, grant_access
from .. import models from .. import models
import datetime import datetime
from django.utils import timezone from django.utils import timezone
@ -16,7 +16,7 @@ import logging
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
class AnalyticsView(View): class AnalyticsView(View):
def get(self, request): def get(self, request):
thirty_days_ago = datetime.datetime.today() - datetime.timedelta(days=30) thirty_days_ago = datetime.datetime.today() - datetime.timedelta(days=30)
@ -176,7 +176,7 @@ class AnalyticsView(View):
return render(request, "admin/analytics.html", context) return render(request, "admin/analytics.html", context)
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
class ExportDataType(View): class ExportDataType(View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
# match the CSV example with all the fields # match the CSV example with all the fields
@ -227,7 +227,7 @@ class ExportMembersPortfolio(View):
return response return response
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
class ExportDataFull(View): class ExportDataFull(View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
# Smaller export based on 1 # Smaller export based on 1
@ -237,7 +237,7 @@ class ExportDataFull(View):
return response return response
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
class ExportDataFederal(View): class ExportDataFederal(View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
# Federal only # Federal only
@ -247,7 +247,7 @@ class ExportDataFederal(View):
return response return response
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
class ExportDomainRequestDataFull(View): class ExportDomainRequestDataFull(View):
"""Generates a downloaded report containing all Domain Requests (except started)""" """Generates a downloaded report containing all Domain Requests (except started)"""
@ -259,7 +259,7 @@ class ExportDomainRequestDataFull(View):
return response return response
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
class ExportDataDomainsGrowth(View): class ExportDataDomainsGrowth(View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
start_date = request.GET.get("start_date", "") start_date = request.GET.get("start_date", "")
@ -272,7 +272,7 @@ class ExportDataDomainsGrowth(View):
return response return response
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
class ExportDataRequestsGrowth(View): class ExportDataRequestsGrowth(View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
start_date = request.GET.get("start_date", "") start_date = request.GET.get("start_date", "")
@ -285,7 +285,7 @@ class ExportDataRequestsGrowth(View):
return response return response
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
class ExportDataManagedDomains(View): class ExportDataManagedDomains(View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
start_date = request.GET.get("start_date", "") start_date = request.GET.get("start_date", "")
@ -297,7 +297,7 @@ class ExportDataManagedDomains(View):
return response return response
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
class ExportDataUnmanagedDomains(View): class ExportDataUnmanagedDomains(View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
start_date = request.GET.get("start_date", "") start_date = request.GET.get("start_date", "")

4
src/registrar/views/transfer_user.py
View file

@ -4,7 +4,7 @@ from django.db.models import ForeignKey, OneToOneField, ManyToManyField, ManyToO
from django.shortcuts import render, get_object_or_404, redirect from django.shortcuts import render, get_object_or_404, redirect
from django.views import View from django.views import View
from registrar.decorators import IS_STAFF, grant_access from registrar.decorators import IS_CISA_ANALYST, IS_FULL_ACCESS, grant_access
from registrar.models.domain import Domain from registrar.models.domain import Domain
from registrar.models.domain_request import DomainRequest from registrar.models.domain_request import DomainRequest
from registrar.models.user import User from registrar.models.user import User
@ -19,7 +19,7 @@ from registrar.utility.db_helpers import ignore_unique_violation
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
class TransferUserView(View): class TransferUserView(View):
"""Transfer user methods that set up the transfer_user template and handle the forms on it.""" """Transfer user methods that set up the transfer_user template and handle the forms on it."""

50
src/registrar/views/utility/api_views.py
View file

@ -1,7 +1,7 @@
import logging import logging
from django.http import JsonResponse from django.http import JsonResponse
from django.forms.models import model_to_dict from django.forms.models import model_to_dict
from registrar.decorators import IS_STAFF, grant_access from registrar.decorators import IS_CISA_ANALYST, IS_FULL_ACCESS, IS_OMB_ANALYST, grant_access
from registrar.models import FederalAgency, SeniorOfficial, DomainRequest from registrar.models import FederalAgency, SeniorOfficial, DomainRequest
from registrar.utility.admin_helpers import get_action_needed_reason_default_email, get_rejection_reason_default_email from registrar.utility.admin_helpers import get_action_needed_reason_default_email, get_rejection_reason_default_email
from registrar.models.portfolio import Portfolio from registrar.models.portfolio import Portfolio
@ -10,16 +10,10 @@ from registrar.utility.constants import BranchChoices
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_OMB_ANALYST, IS_FULL_ACCESS)
def get_senior_official_from_federal_agency_json(request): def get_senior_official_from_federal_agency_json(request):
"""Returns federal_agency information as a JSON""" """Returns federal_agency information as a JSON"""
# This API is only accessible to admins and analysts
superuser_perm = request.user.has_perm("registrar.full_access_permission")
analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
if not request.user.is_authenticated or not any([analyst_perm, superuser_perm]):
return JsonResponse({"error": "You do not have access to this resource"}, status=403)
agency_name = request.GET.get("agency_name") agency_name = request.GET.get("agency_name")
agency = FederalAgency.objects.filter(agency=agency_name).first() agency = FederalAgency.objects.filter(agency=agency_name).first()
senior_official = SeniorOfficial.objects.filter(federal_agency=agency).first() senior_official = SeniorOfficial.objects.filter(federal_agency=agency).first()
@ -37,16 +31,10 @@ def get_senior_official_from_federal_agency_json(request):
return JsonResponse({"error": "Senior Official not found"}, status=404) return JsonResponse({"error": "Senior Official not found"}, status=404)
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_OMB_ANALYST, IS_FULL_ACCESS)
def get_portfolio_json(request): def get_portfolio_json(request):
"""Returns portfolio information as a JSON""" """Returns portfolio information as a JSON"""
# This API is only accessible to admins and analysts
superuser_perm = request.user.has_perm("registrar.full_access_permission")
analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
if not request.user.is_authenticated or not any([analyst_perm, superuser_perm]):
return JsonResponse({"error": "You do not have access to this resource"}, status=403)
portfolio_id = request.GET.get("id") portfolio_id = request.GET.get("id")
try: try:
portfolio = Portfolio.objects.get(id=portfolio_id) portfolio = Portfolio.objects.get(id=portfolio_id)
@ -93,16 +81,10 @@ def get_portfolio_json(request):
return JsonResponse(portfolio_dict) return JsonResponse(portfolio_dict)
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_OMB_ANALYST, IS_FULL_ACCESS)
def get_suborganization_list_json(request): def get_suborganization_list_json(request):
"""Returns suborganization list information for a portfolio as a JSON""" """Returns suborganization list information for a portfolio as a JSON"""
# This API is only accessible to admins and analysts
superuser_perm = request.user.has_perm("registrar.full_access_permission")
analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
if not request.user.is_authenticated or not any([analyst_perm, superuser_perm]):
return JsonResponse({"error": "You do not have access to this resource"}, status=403)
portfolio_id = request.GET.get("portfolio_id") portfolio_id = request.GET.get("portfolio_id")
try: try:
portfolio = Portfolio.objects.get(id=portfolio_id) portfolio = Portfolio.objects.get(id=portfolio_id)
@ -115,17 +97,11 @@ def get_suborganization_list_json(request):
return JsonResponse({"results": results, "pagination": {"more": False}}) return JsonResponse({"results": results, "pagination": {"more": False}})
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_OMB_ANALYST, IS_FULL_ACCESS)
def get_federal_and_portfolio_types_from_federal_agency_json(request): def get_federal_and_portfolio_types_from_federal_agency_json(request):
"""Returns specific portfolio information as a JSON. Request must have """Returns specific portfolio information as a JSON. Request must have
both agency_name and organization_type.""" both agency_name and organization_type."""
# This API is only accessible to admins and analysts
superuser_perm = request.user.has_perm("registrar.full_access_permission")
analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
if not request.user.is_authenticated or not any([analyst_perm, superuser_perm]):
return JsonResponse({"error": "You do not have access to this resource"}, status=403)
federal_type = None federal_type = None
portfolio_type = None portfolio_type = None
@ -143,16 +119,10 @@ def get_federal_and_portfolio_types_from_federal_agency_json(request):
return JsonResponse(response_data) return JsonResponse(response_data)
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_OMB_ANALYST, IS_FULL_ACCESS)
def get_action_needed_email_for_user_json(request): def get_action_needed_email_for_user_json(request):
"""Returns a default action needed email for a given user""" """Returns a default action needed email for a given user"""
# This API is only accessible to admins and analysts
superuser_perm = request.user.has_perm("registrar.full_access_permission")
analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
if not request.user.is_authenticated or not any([analyst_perm, superuser_perm]):
return JsonResponse({"error": "You do not have access to this resource"}, status=403)
reason = request.GET.get("reason") reason = request.GET.get("reason")
domain_request_id = request.GET.get("domain_request_id") domain_request_id = request.GET.get("domain_request_id")
if not reason: if not reason:
@ -167,16 +137,10 @@ def get_action_needed_email_for_user_json(request):
return JsonResponse({"email": email}, status=200) return JsonResponse({"email": email}, status=200)
@grant_access(IS_STAFF) @grant_access(IS_CISA_ANALYST, IS_OMB_ANALYST, IS_FULL_ACCESS)
def get_rejection_email_for_user_json(request): def get_rejection_email_for_user_json(request):
"""Returns a default rejection email for a given user""" """Returns a default rejection email for a given user"""
# This API is only accessible to admins and analysts
superuser_perm = request.user.has_perm("registrar.full_access_permission")
analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
if not request.user.is_authenticated or not any([analyst_perm, superuser_perm]):
return JsonResponse({"error": "You do not have access to this resource"}, status=403)
reason = request.GET.get("reason") reason = request.GET.get("reason")
domain_request_id = request.GET.get("domain_request_id") domain_request_id = request.GET.get("domain_request_id")
if not reason: if not reason:

47
src/requirements.txt
View file

@ -1,68 +1,69 @@
-i https://pypi.python.org/simple -i https://pypi.python.org/simple
annotated-types==0.7.0; python_version >= '3.8' annotated-types==0.7.0; python_version >= '3.8'
asgiref==3.8.1; python_version >= '3.8' asgiref==3.8.1; python_version >= '3.8'
boto3==1.35.91; python_version >= '3.8' boto3==1.37.18; python_version >= '3.8'
botocore==1.35.91; python_version >= '3.8' botocore==1.37.18; python_version >= '3.8'
cachetools==5.5.0; python_version >= '3.7' cachetools==5.5.2; python_version >= '3.7'
certifi==2024.12.14; python_version >= '3.6' certifi==2025.1.31; python_version >= '3.6'
cfenv==0.5.3 cfenv==0.5.3
cffi==1.17.1; python_version >= '3.8' cffi==1.17.1; python_version >= '3.8'
charset-normalizer==3.4.1; python_version >= '3.7' charset-normalizer==3.4.1; python_version >= '3.7'
cryptography==44.0.0; python_version >= '3.7' and python_full_version not in '3.9.0, 3.9.1' cryptography==44.0.2; python_version >= '3.7' and python_full_version not in '3.9.0, 3.9.1'
defusedxml==0.7.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' defusedxml==0.7.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'
diff-match-patch==20241021; python_version >= '3.7' diff-match-patch==20241021; python_version >= '3.7'
dj-database-url==2.3.0 dj-database-url==2.3.0
dj-email-url==1.0.6 dj-email-url==1.0.6
django==4.2.17; python_version >= '3.8' django==4.2.20; python_version >= '3.8'
django-admin-multiple-choice-list-filter==0.1.1 django-admin-multiple-choice-list-filter==0.1.1
django-allow-cidr==0.7.1 django-allow-cidr==0.7.1
django-auditlog==3.0.0; python_version >= '3.8' django-auditlog==3.0.0; python_version >= '3.8'
django-cache-url==3.4.5 django-cache-url==3.4.5
django-cors-headers==4.6.0; python_version >= '3.9' django-cors-headers==4.7.0; python_version >= '3.9'
django-csp==3.8 django-csp==3.8
django-fsm==2.8.1 django-fsm==2.8.1
django-import-export==4.3.3; python_version >= '3.9' django-import-export==4.3.7; python_version >= '3.9'
django-login-required-middleware==0.9.0 django-login-required-middleware==0.9.0
django-phonenumber-field[phonenumberslite]==8.0.0; python_version >= '3.8' django-phonenumber-field[phonenumberslite]==8.0.0; python_version >= '3.8'
django-waffle==4.2.0; python_version >= '3.8' django-waffle==4.2.0; python_version >= '3.8'
django-widget-tweaks==1.5.0; python_version >= '3.8' django-widget-tweaks==1.5.0; python_version >= '3.8'
environs[django]==11.2.1; python_version >= '3.8' environs[django]==14.1.1; python_version >= '3.9'
faker==33.1.0; python_version >= '3.8' faker==37.0.2; python_version >= '3.9'
fred-epplib @ git+https://github.com/cisagov/epplib.git@d56d183f1664f34c40ca9716a3a9a345f0ef561c fred-epplib @ git+https://github.com/cisagov/epplib.git@9f0fd0e69665001767f15a034c9c0c919dab5cdd
furl==2.1.3 furl==2.1.4
future==1.0.0; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2' future==1.0.0; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'
gevent==24.11.1; python_version >= '3.9' gevent==24.11.1; python_version >= '3.9'
greenlet==3.1.1; python_version >= '3.7' greenlet==3.1.1; python_version >= '3.7'
gunicorn==23.0.0; python_version >= '3.7' gunicorn==23.0.0; python_version >= '3.7'
idna==3.10; python_version >= '3.6' idna==3.10; python_version >= '3.6'
jmespath==1.0.1; python_version >= '3.7' jmespath==1.0.1; python_version >= '3.7'
lxml==5.3.0; python_version >= '3.6' lxml==5.3.1; python_version >= '3.6'
mako==1.3.8; python_version >= '3.8' mako==1.3.9; python_version >= '3.8'
markupsafe==3.0.2; python_version >= '3.9' markupsafe==3.0.2; python_version >= '3.9'
marshmallow==3.23.2; python_version >= '3.9' marshmallow==3.26.1; python_version >= '3.9'
oic==1.7.0; python_version ~= '3.8' oic==1.7.0; python_version ~= '3.8'
orderedmultidict==1.0.1 orderedmultidict==1.0.1
packaging==24.2; python_version >= '3.8' packaging==24.2; python_version >= '3.8'
phonenumberslite==8.13.52 phonenumberslite==9.0.1
psycopg2-binary==2.9.10; python_version >= '3.8' psycopg2-binary==2.9.10; python_version >= '3.8'
pycparser==2.22; python_version >= '3.8' pycparser==2.22; python_version >= '3.8'
pycryptodomex==3.21.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' pycryptodomex==3.22.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6'
pydantic==2.10.4; python_version >= '3.8' pydantic==2.10.6; python_version >= '3.8'
pydantic-core==2.27.2; python_version >= '3.8' pydantic-core==2.27.2; python_version >= '3.8'
pydantic-settings==2.7.1; python_version >= '3.8' pydantic-settings==2.8.1; python_version >= '3.8'
pyjwkest==1.4.2 pyjwkest==1.4.2
python-dateutil==2.9.0.post0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2' python-dateutil==2.9.0.post0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'
python-dotenv==1.0.1; python_version >= '3.8' python-dotenv==1.0.1; python_version >= '3.8'
pyzipper==0.3.6; python_version >= '3.4' pyzipper==0.3.6; python_version >= '3.4'
requests==2.32.3; python_version >= '3.8' requests==2.32.3; python_version >= '3.8'
s3transfer==0.10.4; python_version >= '3.8' s3transfer==0.11.4; python_version >= '3.8'
setuptools==75.6.0; python_version >= '3.9' setuptools==77.0.3; python_version >= '3.9'
six==1.17.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2' six==1.17.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'
sqlparse==0.5.3; python_version >= '3.8' sqlparse==0.5.3; python_version >= '3.8'
tablib==3.7.0; python_version >= '3.9' tablib==3.8.0; python_version >= '3.9'
tblib==3.0.0; python_version >= '3.8' tblib==3.0.0; python_version >= '3.8'
typing-extensions==4.12.2; python_version >= '3.8' typing-extensions==4.12.2; python_version >= '3.8'
tzdata==2025.1; python_version >= '2'
urllib3==2.3.0; python_version >= '3.9' urllib3==2.3.0; python_version >= '3.9'
whitenoise==6.8.2; python_version >= '3.9' whitenoise==6.9.0; python_version >= '3.9'
zope.event==5.0; python_version >= '3.7' zope.event==5.0; python_version >= '3.7'
zope.interface==7.2; python_version >= '3.8' zope.interface==7.2; python_version >= '3.8'