zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-07-30 22:46:30 +02:00
Code Issues Projects Releases Packages Wiki Activity

merge main and integrate ModelForm for PortfolioInvitation

Browse source
This commit is contained in:
David Kennedy 2024-12-19 15:15:07 -05:00
commit 7658810b02
No known key found for this signature in database
GPG key ID: 6528A5386E66B96B
55 changed files with 2706 additions and 503 deletions
Download patch file Download diff file Expand all files Collapse all files

10
.github/ISSUE_TEMPLATE/issue-default.yml vendored
View file

@ -1,18 +1,18 @@
name: Issue name: Issue / story
description: Describe an idea, feature, content, or non-bug finding description: Describe an idea, problem, feature, or story. (Report bugs in the Bug template.)
body: body:
- type: markdown - type: markdown
id: title-help id: title-help
attributes: attributes:
value: | value: |
> Titles should be short, descriptive, and compelling. Use sentence case. > Titles should be short, descriptive, and compelling. Use sentence case: don't capitalize words unnecessarily.
- type: textarea - type: textarea
id: issue-description id: issue-description
attributes: attributes:
label: Issue description label: Issue description
description: | description: |
Describe the issue so that someone who wasn't present for its discovery can understand why it matters. Use full sentences, plain language, and [good formatting](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax). Describe the issue so that someone who wasn't present for its discovery can understand why it matters. For stories, use the user story format (e.g., As a user, I want, so that). Use full sentences, plain language, and [good formatting](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax).
validations: validations:
required: true required: true
- type: textarea - type: textarea
@ -31,7 +31,7 @@ body:
attributes: attributes:
label: Links to other issues label: Links to other issues
description: | description: |
"With a `-` to start the line, add issue #numbers this relates to and how (e.g., 🚧 [construction] Blocks, ⛔️ [no_entry] Is blocked by, 🔄 [arrows_counterclockwise] Relates to)." "Use a dash (`-`) to start the line. Add an issue by typing "`#`" then the issue number. Add information to describe any dependancies, blockers, etc. (e.g., 🚧 [construction] Blocks, ⛔️ [no_entry] Is blocked by, 🔄 [arrows_counterclockwise] Relates to). If this is a parent issue, use sub-issues instead of linking other issues here."
placeholder: "- 🔄 Relates to..." placeholder: "- 🔄 Relates to..."
- type: markdown - type: markdown
id: note id: note

2
ops/manifests/manifest-ms.yaml
View file

@ -20,7 +20,7 @@ applications:
# Tell Django where it is being hosted # Tell Django where it is being hosted
DJANGO_BASE_URL: https://getgov-ms.app.cloud.gov DJANGO_BASE_URL: https://getgov-ms.app.cloud.gov
# Tell Django how much stuff to log # Tell Django how much stuff to log
DJANGO_LOG_LEVEL: INFO DJANGO_LOG_LEVEL: DEBUG
# default public site location # default public site location
GETGOV_PUBLIC_SITE_URL: https://get.gov GETGOV_PUBLIC_SITE_URL: https://get.gov
# Flag to disable/enable features in prod environments # Flag to disable/enable features in prod environments

4
src/epplibwrapper/errors.py
View file

@ -62,9 +62,11 @@ class RegistryError(Exception):
- 2501 - 2502 Something malicious or abusive may have occurred - 2501 - 2502 Something malicious or abusive may have occurred
""" """
def __init__(self, *args, code=None, **kwargs): def __init__(self, *args, code=None, note="", **kwargs):
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
self.code = code self.code = code
# note is a string that can be used to provide additional context
self.note = note
def should_retry(self): def should_retry(self):
return self.code == ErrorCode.COMMAND_FAILED return self.code == ErrorCode.COMMAND_FAILED

225
src/registrar/admin.py
View file

@ -224,6 +224,14 @@ class DomainInformationAdminForm(forms.ModelForm):
fields = "__all__" fields = "__all__"
widgets = { widgets = {
"other_contacts": NoAutocompleteFilteredSelectMultiple("other_contacts", False), "other_contacts": NoAutocompleteFilteredSelectMultiple("other_contacts", False),
"portfolio": AutocompleteSelectWithPlaceholder(
DomainInformation._meta.get_field("portfolio"), admin.site, attrs={"data-placeholder": "---------"}
),
"sub_organization": AutocompleteSelectWithPlaceholder(
DomainInformation._meta.get_field("sub_organization"),
admin.site,
attrs={"data-placeholder": "---------", "ajax-url": "get-suborganization-list-json"},
),
} }
@ -235,6 +243,14 @@ class DomainInformationInlineForm(forms.ModelForm):
fields = "__all__" fields = "__all__"
widgets = { widgets = {
"other_contacts": NoAutocompleteFilteredSelectMultiple("other_contacts", False), "other_contacts": NoAutocompleteFilteredSelectMultiple("other_contacts", False),
"portfolio": AutocompleteSelectWithPlaceholder(
DomainInformation._meta.get_field("portfolio"), admin.site, attrs={"data-placeholder": "---------"}
),
"sub_organization": AutocompleteSelectWithPlaceholder(
DomainInformation._meta.get_field("sub_organization"),
admin.site,
attrs={"data-placeholder": "---------", "ajax-url": "get-suborganization-list-json"},
),
} }
@ -1623,6 +1639,70 @@ class DomainInformationAdmin(ListHeaderAdmin, ImportExportModelAdmin):
orderable_fk_fields = [("domain", "name")] orderable_fk_fields = [("domain", "name")]
# Define methods to display fields from the related portfolio
def portfolio_senior_official(self, obj) -> Optional[SeniorOfficial]:
return obj.portfolio.senior_official if obj.portfolio and obj.portfolio.senior_official else None
portfolio_senior_official.short_description = "Senior official" # type: ignore
def portfolio_organization_type(self, obj):
return (
DomainRequest.OrganizationChoices.get_org_label(obj.portfolio.organization_type)
if obj.portfolio and obj.portfolio.organization_type
else "-"
)
portfolio_organization_type.short_description = "Organization type" # type: ignore
def portfolio_federal_type(self, obj):
return (
BranchChoices.get_branch_label(obj.portfolio.federal_type)
if obj.portfolio and obj.portfolio.federal_type
else "-"
)
portfolio_federal_type.short_description = "Federal type" # type: ignore
def portfolio_organization_name(self, obj):
return obj.portfolio.organization_name if obj.portfolio else ""
portfolio_organization_name.short_description = "Organization name" # type: ignore
def portfolio_federal_agency(self, obj):
return obj.portfolio.federal_agency if obj.portfolio else ""
portfolio_federal_agency.short_description = "Federal agency" # type: ignore
def portfolio_state_territory(self, obj):
return obj.portfolio.state_territory if obj.portfolio else ""
portfolio_state_territory.short_description = "State, territory, or military post" # type: ignore
def portfolio_address_line1(self, obj):
return obj.portfolio.address_line1 if obj.portfolio else ""
portfolio_address_line1.short_description = "Address line 1" # type: ignore
def portfolio_address_line2(self, obj):
return obj.portfolio.address_line2 if obj.portfolio else ""
portfolio_address_line2.short_description = "Address line 2" # type: ignore
def portfolio_city(self, obj):
return obj.portfolio.city if obj.portfolio else ""
portfolio_city.short_description = "City" # type: ignore
def portfolio_zipcode(self, obj):
return obj.portfolio.zipcode if obj.portfolio else ""
portfolio_zipcode.short_description = "Zip code" # type: ignore
def portfolio_urbanization(self, obj):
return obj.portfolio.urbanization if obj.portfolio else ""
portfolio_urbanization.short_description = "Urbanization" # type: ignore
# Filters # Filters
list_filter = [GenericOrgFilter] list_filter = [GenericOrgFilter]
@ -1637,16 +1717,36 @@ class DomainInformationAdmin(ListHeaderAdmin, ImportExportModelAdmin):
None, None,
{ {
"fields": [ "fields": [
"portfolio",
"sub_organization",
"creator",
"domain_request", "domain_request",
"notes", "notes",
] ]
}, },
), ),
(
"Requested by",
{
"fields": [
"portfolio",
"sub_organization",
"creator",
]
},
),
(".gov domain", {"fields": ["domain"]}), (".gov domain", {"fields": ["domain"]}),
("Contacts", {"fields": ["senior_official", "other_contacts", "no_other_contacts_rationale"]}), (
"Contacts",
{
"fields": [
"senior_official",
"portfolio_senior_official",
"other_contacts",
"no_other_contacts_rationale",
"cisa_representative_first_name",
"cisa_representative_last_name",
"cisa_representative_email",
]
},
),
("Background info", {"fields": ["anything_else"]}), ("Background info", {"fields": ["anything_else"]}),
( (
"Type of organization", "Type of organization",
@ -1695,10 +1795,58 @@ class DomainInformationAdmin(ListHeaderAdmin, ImportExportModelAdmin):
], ],
}, },
), ),
# the below three sections are for portfolio fields
(
"Type of organization",
{
"fields": [
"portfolio_organization_type",
"portfolio_federal_type",
]
},
),
(
"Organization name and mailing address",
{
"fields": [
"portfolio_organization_name",
"portfolio_federal_agency",
]
},
),
(
"Show details",
{
"classes": ["collapse--dgfieldset"],
"description": "Extends organization name and mailing address",
"fields": [
"portfolio_state_territory",
"portfolio_address_line1",
"portfolio_address_line2",
"portfolio_city",
"portfolio_zipcode",
"portfolio_urbanization",
],
},
),
] ]
# Readonly fields for analysts and superusers # Readonly fields for analysts and superusers
readonly_fields = ("other_contacts", "is_election_board") readonly_fields = (
"portfolio_senior_official",
"portfolio_organization_type",
"portfolio_federal_type",
"portfolio_organization_name",
"portfolio_federal_agency",
"portfolio_state_territory",
"portfolio_address_line1",
"portfolio_address_line2",
"portfolio_city",
"portfolio_zipcode",
"portfolio_urbanization",
"other_contacts",
"is_election_board",
)
# Read only that we'll leverage for CISA Analysts # Read only that we'll leverage for CISA Analysts
analyst_readonly_fields = [ analyst_readonly_fields = [
@ -2675,7 +2823,72 @@ class DomainInformationInline(admin.StackedInline):
template = "django/admin/includes/domain_info_inline_stacked.html" template = "django/admin/includes/domain_info_inline_stacked.html"
model = models.DomainInformation model = models.DomainInformation
# Define methods to display fields from the related portfolio
def portfolio_senior_official(self, obj) -> Optional[SeniorOfficial]:
return obj.portfolio.senior_official if obj.portfolio and obj.portfolio.senior_official else None
portfolio_senior_official.short_description = "Senior official" # type: ignore
def portfolio_organization_type(self, obj):
return (
DomainRequest.OrganizationChoices.get_org_label(obj.portfolio.organization_type)
if obj.portfolio and obj.portfolio.organization_type
else "-"
)
portfolio_organization_type.short_description = "Organization type" # type: ignore
def portfolio_federal_type(self, obj):
return (
BranchChoices.get_branch_label(obj.portfolio.federal_type)
if obj.portfolio and obj.portfolio.federal_type
else "-"
)
portfolio_federal_type.short_description = "Federal type" # type: ignore
def portfolio_organization_name(self, obj):
return obj.portfolio.organization_name if obj.portfolio else ""
portfolio_organization_name.short_description = "Organization name" # type: ignore
def portfolio_federal_agency(self, obj):
return obj.portfolio.federal_agency if obj.portfolio else ""
portfolio_federal_agency.short_description = "Federal agency" # type: ignore
def portfolio_state_territory(self, obj):
return obj.portfolio.state_territory if obj.portfolio else ""
portfolio_state_territory.short_description = "State, territory, or military post" # type: ignore
def portfolio_address_line1(self, obj):
return obj.portfolio.address_line1 if obj.portfolio else ""
portfolio_address_line1.short_description = "Address line 1" # type: ignore
def portfolio_address_line2(self, obj):
return obj.portfolio.address_line2 if obj.portfolio else ""
portfolio_address_line2.short_description = "Address line 2" # type: ignore
def portfolio_city(self, obj):
return obj.portfolio.city if obj.portfolio else ""
portfolio_city.short_description = "City" # type: ignore
def portfolio_zipcode(self, obj):
return obj.portfolio.zipcode if obj.portfolio else ""
portfolio_zipcode.short_description = "Zip code" # type: ignore
def portfolio_urbanization(self, obj):
return obj.portfolio.urbanization if obj.portfolio else ""
portfolio_urbanization.short_description = "Urbanization" # type: ignore
fieldsets = copy.deepcopy(list(DomainInformationAdmin.fieldsets)) fieldsets = copy.deepcopy(list(DomainInformationAdmin.fieldsets))
readonly_fields = copy.deepcopy(DomainInformationAdmin.readonly_fields)
analyst_readonly_fields = copy.deepcopy(DomainInformationAdmin.analyst_readonly_fields) analyst_readonly_fields = copy.deepcopy(DomainInformationAdmin.analyst_readonly_fields)
autocomplete_fields = copy.deepcopy(DomainInformationAdmin.autocomplete_fields) autocomplete_fields = copy.deepcopy(DomainInformationAdmin.autocomplete_fields)
@ -3221,7 +3434,7 @@ class DomainAdmin(ListHeaderAdmin, ImportExportModelAdmin):
except RegistryError as err: except RegistryError as err:
# Using variables to get past the linter # Using variables to get past the linter
message1 = f"Cannot delete Domain when in state {obj.state}" message1 = f"Cannot delete Domain when in state {obj.state}"
message2 = "This subdomain is being used as a hostname on another domain" message2 = f"This subdomain is being used as a hostname on another domain: {err.note}"
# Human-readable mappings of ErrorCodes. Can be expanded. # Human-readable mappings of ErrorCodes. Can be expanded.
error_messages = { error_messages = {
# noqa on these items as black wants to reformat to an invalid length # noqa on these items as black wants to reformat to an invalid length

13
src/registrar/assets/src/js/getgov-admin/domain-form.js
View file

@ -1,3 +1,5 @@
import { handlePortfolioSelection } from './helpers-portfolio-dynamic-fields.js';
/** /**
* A function that appends target="_blank" to the domain_form buttons * A function that appends target="_blank" to the domain_form buttons
*/ */
@ -28,3 +30,14 @@ export function initDomainFormTargetBlankButtons() {
domainSubmitButton.addEventListener("mouseout", () => openInNewTab(domainFormElement, false)); domainSubmitButton.addEventListener("mouseout", () => openInNewTab(domainFormElement, false));
} }
} }
/**
* A function for dynamic Domain fields
*/
export function initDynamicDomainFields(){
const domainPage = document.getElementById("domain_form");
if (domainPage) {
handlePortfolioSelection("#id_domain_info-0-portfolio",
"#id_domain_info-0-sub_organization");
}
}

11
src/registrar/assets/src/js/getgov-admin/domain-information-form.js
View file

@ -1,4 +1,4 @@
import { handleSuborganizationFields } from './helpers-portfolio-dynamic-fields.js'; import { handlePortfolioSelection } from './helpers-portfolio-dynamic-fields.js';
/** /**
* A function for dynamic DomainInformation fields * A function for dynamic DomainInformation fields
@ -6,12 +6,7 @@ import { handleSuborganizationFields } from './helpers-portfolio-dynamic-fields.
export function initDynamicDomainInformationFields(){ export function initDynamicDomainInformationFields(){
const domainInformationPage = document.getElementById("domaininformation_form"); const domainInformationPage = document.getElementById("domaininformation_form");
if (domainInformationPage) { if (domainInformationPage) {
handleSuborganizationFields(); console.log("handling domain information page");
} handlePortfolioSelection();
// DomainInformation is embedded inside domain so this should fire there too
const domainPage = document.getElementById("domain_form");
if (domainPage) {
handleSuborganizationFields(portfolioDropdownSelector="#id_domain_info-0-portfolio", suborgDropdownSelector="#id_domain_info-0-sub_organization");
} }
} }

4
src/registrar/assets/src/js/getgov-admin/domain-request-form.js
View file

@ -15,8 +15,8 @@ function displayModalOnDropdownClick(linkClickedDisplaysModal, statusDropdown, a
// Revert the dropdown to its previous value // Revert the dropdown to its previous value
statusDropdown.value = valueToCheck; statusDropdown.value = valueToCheck;
}); });
}else { } else {
console.log("displayModalOnDropdownClick() -> Cancel button was null"); console.warn("displayModalOnDropdownClick() -> Cancel button was null");
} }
// Add a change event listener to the dropdown. // Add a change event listener to the dropdown.

72
src/registrar/assets/src/js/getgov-admin/helpers-portfolio-dynamic-fields.js
View file

@ -1,57 +1,19 @@
import { hideElement, showElement } from './helpers-admin.js'; import { hideElement, showElement } from './helpers-admin.js';
/**
* Helper function that handles business logic for the suborganization field.
* Can be used anywhere the suborganization dropdown exists
*/
export function handleSuborganizationFields(
portfolioDropdownSelector="#id_portfolio",
suborgDropdownSelector="#id_sub_organization",
requestedSuborgFieldSelector=".field-requested_suborganization",
suborgCitySelector=".field-suborganization_city",
suborgStateTerritorySelector=".field-suborganization_state_territory"
) {
// These dropdown are select2 fields so they must be interacted with via jquery
const portfolioDropdown = django.jQuery(portfolioDropdownSelector)
const suborganizationDropdown = django.jQuery(suborgDropdownSelector)
const requestedSuborgField = document.querySelector(requestedSuborgFieldSelector);
const suborgCity = document.querySelector(suborgCitySelector);
const suborgStateTerritory = document.querySelector(suborgStateTerritorySelector);
if (!suborganizationDropdown || !requestedSuborgField || !suborgCity || !suborgStateTerritory) {
console.error("Requested suborg fields not found.");
return;
}
function toggleSuborganizationFields() {
if (portfolioDropdown.val() && !suborganizationDropdown.val()) {
showElement(requestedSuborgField);
showElement(suborgCity);
showElement(suborgStateTerritory);
}else {
hideElement(requestedSuborgField);
hideElement(suborgCity);
hideElement(suborgStateTerritory);
}
}
// Run the function once on page startup, then attach an event listener
toggleSuborganizationFields();
suborganizationDropdown.on("change", toggleSuborganizationFields);
portfolioDropdown.on("change", toggleSuborganizationFields);
}
/** /**
* *
* This function handles the portfolio selection as well as display of * This function handles the portfolio selection as well as display of
* portfolio-related fields in the DomainRequest Form. * portfolio-related fields in the DomainRequest Form.
* *
* IMPORTANT NOTE: The logic in this method is paired dynamicPortfolioFields * IMPORTANT NOTE: The business logic in this method is based on dynamicPortfolioFields
*/ */
export function handlePortfolioSelection() { export function handlePortfolioSelection(
portfolioDropdownSelector="#id_portfolio",
suborgDropdownSelector="#id_sub_organization"
) {
// These dropdown are select2 fields so they must be interacted with via jquery // These dropdown are select2 fields so they must be interacted with via jquery
const portfolioDropdown = django.jQuery("#id_portfolio"); const portfolioDropdown = django.jQuery(portfolioDropdownSelector);
const suborganizationDropdown = django.jQuery("#id_sub_organization"); const suborganizationDropdown = django.jQuery(suborgDropdownSelector);
const suborganizationField = document.querySelector(".field-sub_organization"); const suborganizationField = document.querySelector(".field-sub_organization");
const requestedSuborganizationField = document.querySelector(".field-requested_suborganization"); const requestedSuborganizationField = document.querySelector(".field-requested_suborganization");
const suborganizationCity = document.querySelector(".field-suborganization_city"); const suborganizationCity = document.querySelector(".field-suborganization_city");
@ -440,8 +402,8 @@ export function handlePortfolioSelection() {
showElement(portfolioSeniorOfficialField); showElement(portfolioSeniorOfficialField);
// Hide fields not applicable when a portfolio is selected // Hide fields not applicable when a portfolio is selected
hideElement(otherEmployeesField); if (otherEmployeesField) hideElement(otherEmployeesField);
hideElement(noOtherContactsRationaleField); if (noOtherContactsRationaleField) hideElement(noOtherContactsRationaleField);
hideElement(cisaRepresentativeFirstNameField); hideElement(cisaRepresentativeFirstNameField);
hideElement(cisaRepresentativeLastNameField); hideElement(cisaRepresentativeLastNameField);
hideElement(cisaRepresentativeEmailField); hideElement(cisaRepresentativeEmailField);
@ -463,8 +425,8 @@ export function handlePortfolioSelection() {
// Show fields that are relevant when no portfolio is selected // Show fields that are relevant when no portfolio is selected
showElement(seniorOfficialField); showElement(seniorOfficialField);
hideElement(portfolioSeniorOfficialField); hideElement(portfolioSeniorOfficialField);
showElement(otherEmployeesField); if (otherEmployeesField) showElement(otherEmployeesField);
showElement(noOtherContactsRationaleField); if (noOtherContactsRationaleField) showElement(noOtherContactsRationaleField);
showElement(cisaRepresentativeFirstNameField); showElement(cisaRepresentativeFirstNameField);
showElement(cisaRepresentativeLastNameField); showElement(cisaRepresentativeLastNameField);
showElement(cisaRepresentativeEmailField); showElement(cisaRepresentativeEmailField);
@ -504,14 +466,14 @@ export function handlePortfolioSelection() {
if (portfolio_id && !suborganization_id) { if (portfolio_id && !suborganization_id) {
// Show suborganization request fields // Show suborganization request fields
showElement(requestedSuborganizationField); if (requestedSuborganizationField) showElement(requestedSuborganizationField);
showElement(suborganizationCity); if (suborganizationCity) showElement(suborganizationCity);
showElement(suborganizationStateTerritory); if (suborganizationStateTerritory) showElement(suborganizationStateTerritory);
} else { } else {
// Hide suborganization request fields if suborganization is selected // Hide suborganization request fields if suborganization is selected
hideElement(requestedSuborganizationField); if (requestedSuborganizationField) hideElement(requestedSuborganizationField);
hideElement(suborganizationCity); if (suborganizationCity) hideElement(suborganizationCity);
hideElement(suborganizationStateTerritory); if (suborganizationStateTerritory) hideElement(suborganizationStateTerritory);
} }
} }

2
src/registrar/assets/src/js/getgov-admin/main.js
View file

@ -14,6 +14,7 @@ import {
import { initDomainFormTargetBlankButtons } from './domain-form.js'; import { initDomainFormTargetBlankButtons } from './domain-form.js';
import { initDynamicPortfolioFields } from './portfolio-form.js'; import { initDynamicPortfolioFields } from './portfolio-form.js';
import { initDynamicDomainInformationFields } from './domain-information-form.js'; import { initDynamicDomainInformationFields } from './domain-information-form.js';
import { initDynamicDomainFields } from './domain-form.js';
// General // General
initModals(); initModals();
@ -33,6 +34,7 @@ initDynamicDomainRequestFields();
// Domain // Domain
initDomainFormTargetBlankButtons(); initDomainFormTargetBlankButtons();
initDynamicDomainFields();
// Portfolio // Portfolio
initDynamicPortfolioFields(); initDynamicPortfolioFields();

404
src/registrar/assets/src/js/getgov-admin/portfolio-form.js
View file

@ -2,203 +2,212 @@ import { hideElement, showElement } from './helpers-admin.js';
/** /**
* A function for dynamically changing some fields on the portfolio admin model * A function for dynamically changing some fields on the portfolio admin model
* IMPORTANT NOTE: The logic in this function is paired handlePortfolioSelection and should be refactored once we solidify our requirements. * IMPORTANT NOTE: The business logic in this function is related to handlePortfolioSelection
*/ */
export function initDynamicPortfolioFields(){ function handlePortfolioFields(){
// the federal agency change listener fires on page load, which we don't want. let isPageLoading = true
var isInitialPageLoad = true // $ symbolically denotes that this is using jQuery
const $seniorOfficialDropdown = django.jQuery("#id_senior_official");
const seniorOfficialField = document.querySelector(".field-senior_official");
const seniorOfficialAddress = seniorOfficialField.querySelector(".dja-address-contact-list");
const seniorOfficialReadonly = seniorOfficialField.querySelector(".readonly");
const $federalAgencyDropdown = django.jQuery("#id_federal_agency");
const federalAgencyField = document.querySelector(".field-federal_agency");
const organizationTypeField = document.querySelector(".field-organization_type");
const organizationTypeReadonly = organizationTypeField.querySelector(".readonly");
const organizationTypeDropdown = document.getElementById("id_organization_type");
const organizationNameField = document.querySelector(".field-organization_name");
const federalTypeField = document.querySelector(".field-federal_type");
const urbanizationField = document.querySelector(".field-urbanization");
const stateTerritoryDropdown = document.getElementById("id_state_territory");
const seniorOfficialAddUrl = document.getElementById("senior-official-add-url").value;
const seniorOfficialApi = document.getElementById("senior_official_from_agency_json_url").value;
const federalPortfolioApi = document.getElementById("federal_and_portfolio_types_from_agency_json_url").value;
// This is the additional information that exists beneath the SO element. /**
var contactList = document.querySelector(".field-senior_official .dja-address-contact-list"); * Fetches federal type data based on a selected agency using an AJAX call.
const federalAgencyContainer = document.querySelector(".field-federal_agency"); *
document.addEventListener('DOMContentLoaded', function() { * @param {string} agency
* @returns {Promise<Object|null>} - A promise that resolves to the portfolio data object if successful,
let isPortfolioPage = document.getElementById("portfolio_form"); * or null if there was an error.
if (!isPortfolioPage) { */
return; function getFederalTypeFromAgency(agency) {
} return fetch(`${federalPortfolioApi}?&agency_name=${agency}`)
.then(response => {
// $ symbolically denotes that this is using jQuery const statusCode = response.status;
let $federalAgency = django.jQuery("#id_federal_agency"); return response.json().then(data => ({ statusCode, data }));
let organizationType = document.getElementById("id_organization_type"); })
let readonlyOrganizationType = document.querySelector(".field-organization_type .readonly"); .then(({ statusCode, data }) => {
if (data.error) {
let organizationNameContainer = document.querySelector(".field-organization_name"); console.error("Error in AJAX call: " + data.error);
let federalType = document.querySelector(".field-federal_type"); return;
}
if ($federalAgency && (organizationType || readonlyOrganizationType)) { return data.federal_type
// Attach the change event listener })
$federalAgency.on("change", function() { .catch(error => {
handleFederalAgencyChange($federalAgency, organizationType, readonlyOrganizationType, organizationNameContainer, federalType); console.error("Error fetching federal and portfolio types: ", error);
return null
}); });
} }
// Handle dynamically hiding the urbanization field
let urbanizationField = document.querySelector(".field-urbanization");
let stateTerritory = document.getElementById("id_state_territory");
if (urbanizationField && stateTerritory) {
// Execute this function once on load
handleStateTerritoryChange(stateTerritory, urbanizationField);
// Attach the change event listener for state/territory /**
stateTerritory.addEventListener("change", function() { * Fetches senior official contact data based on a selected agency using an AJAX call.
handleStateTerritoryChange(stateTerritory, urbanizationField); *
* @param {string} agency
* @returns {Promise<Object|null>} - A promise that resolves to the portfolio data object if successful,
* or null if there was an error.
*/
function getSeniorOfficialFromAgency(agency) {
return fetch(`${seniorOfficialApi}?agency_name=${agency}`)
.then(response => {
const statusCode = response.status;
return response.json().then(data => ({ statusCode, data }));
})
.then(({ statusCode, data }) => {
if (data.error) {
// Throw an error with status code and message
throw { statusCode, message: data.error };
} else {
return data;
}
})
.catch(error => {
console.error("Error fetching senior official: ", error);
throw error; // Re-throw for external handling
}); });
} }
// Handle hiding the organization name field when the organization_type is federal. /**
// Run this first one page load, then secondly on a change event. * Handles the side effects of change on the organization type field
handleOrganizationTypeChange(organizationType, organizationNameContainer, federalType); *
organizationType.addEventListener("change", function() { * 1. If selection is federal, hide org name, show federal agency, show federal type if applicable
handleOrganizationTypeChange(organizationType, organizationNameContainer, federalType); * 2. else show org name, hide federal agency, hide federal type if applicable
}); */
}); function handleOrganizationTypeChange() {
if (organizationTypeDropdown && organizationNameField) {
function handleOrganizationTypeChange(organizationType, organizationNameContainer, federalType) { let selectedValue = organizationTypeDropdown.value;
if (organizationType && organizationNameContainer) {
let selectedValue = organizationType.value;
if (selectedValue === "federal") { if (selectedValue === "federal") {
hideElement(organizationNameContainer); hideElement(organizationNameField);
showElement(federalAgencyContainer); showElement(federalAgencyField);
if (federalType) { if (federalTypeField) {
showElement(federalType); showElement(federalTypeField);
} }
} else { } else {
showElement(organizationNameContainer); showElement(organizationNameField);
hideElement(federalAgencyContainer); hideElement(federalAgencyField);
if (federalType) { if (federalTypeField) {
hideElement(federalType); hideElement(federalTypeField);
} }
} }
} }
} }
function handleFederalAgencyChange(federalAgency, organizationType, readonlyOrganizationType, organizationNameContainer, federalType) { /**
// Don't do anything on page load * Handles the side effects of change on the federal agency field
if (isInitialPageLoad) { *
isInitialPageLoad = false; * 1. handle org type dropdown or readonly
return; * 2. call handleOrganizationTypeChange
} * 3. call getFederalTypeFromAgency and update federal type
* 4. call getSeniorOfficialFromAgency and update the SO fieldset
*/
function handleFederalAgencyChange() {
if (!isPageLoading) {
// Set the org type to federal if an agency is selected let selectedFederalAgency = $federalAgencyDropdown.find("option:selected").text();
let selectedText = federalAgency.find("option:selected").text(); if (!selectedFederalAgency) {
// There isn't a federal senior official associated with null records
if (!selectedText) {
return;
}
let organizationTypeValue = organizationType ? organizationType.value : readonlyOrganizationType.innerText.toLowerCase();
if (selectedText !== "Non-Federal Agency") {
if (organizationTypeValue !== "federal") {
if (organizationType){
organizationType.value = "federal";
}else {
readonlyOrganizationType.innerText = "Federal"
}
}
}else {
if (organizationTypeValue === "federal") {
if (organizationType){
organizationType.value = "";
}else {
readonlyOrganizationType.innerText = "-"
}
}
}
handleOrganizationTypeChange(organizationType, organizationNameContainer, federalType);
// Determine if any changes are necessary to the display of portfolio type or federal type
// based on changes to the Federal Agency
let federalPortfolioApi = document.getElementById("federal_and_portfolio_types_from_agency_json_url").value;
fetch(`${federalPortfolioApi}?&agency_name=${selectedText}`)
.then(response => {
const statusCode = response.status;
return response.json().then(data => ({ statusCode, data }));
})
.then(({ statusCode, data }) => {
if (data.error) {
console.error("Error in AJAX call: " + data.error);
return; return;
} }
updateReadOnly(data.federal_type, '.field-federal_type');
})
.catch(error => console.error("Error fetching federal and portfolio types: ", error));
// Hide the contactList initially. // 1. Handle organization type
// If we can update the contact information, it'll be shown again. let organizationTypeValue = organizationTypeDropdown ? organizationTypeDropdown.value : organizationTypeReadonly.innerText.toLowerCase();
hideElement(contactList.parentElement); if (selectedFederalAgency !== "Non-Federal Agency") {
if (organizationTypeValue !== "federal") {
let seniorOfficialAddUrl = document.getElementById("senior-official-add-url").value; if (organizationTypeDropdown){
let $seniorOfficial = django.jQuery("#id_senior_official"); organizationTypeDropdown.value = "federal";
let readonlySeniorOfficial = document.querySelector(".field-senior_official .readonly"); } else {
let seniorOfficialApi = document.getElementById("senior_official_from_agency_json_url").value; organizationTypeReadonly.innerText = "Federal"
fetch(`${seniorOfficialApi}?agency_name=${selectedText}`) }
.then(response => { }
const statusCode = response.status; } else {
return response.json().then(data => ({ statusCode, data })); if (organizationTypeValue === "federal") {
}) if (organizationTypeDropdown){
.then(({ statusCode, data }) => { organizationTypeDropdown.value = "";
if (data.error) { } else {
// Clear the field if the SO doesn't exist. organizationTypeReadonly.innerText = "-"
if (statusCode === 404) {
if ($seniorOfficial && $seniorOfficial.length > 0) {
$seniorOfficial.val("").trigger("change");
}else {
// Show the "create one now" text if this field is none in readonly mode.
readonlySeniorOfficial.innerHTML = `<a href="${seniorOfficialAddUrl}">No senior official found. Create one now.</a>`;
} }
console.warn("Record not found: " + data.error);
}else {
console.error("Error in AJAX call: " + data.error);
} }
return;
} }
// Update the "contact details" blurb beneath senior official // 2. Handle organization type change side effects
updateContactInfo(data); handleOrganizationTypeChange();
showElement(contactList.parentElement);
// 3. Handle federal type
getFederalTypeFromAgency(selectedFederalAgency).then((federalType) => updateReadOnly(federalType, '.field-federal_type'));
// Get the associated senior official with this federal agency // 4. Handle senior official
let seniorOfficialId = data.id; hideElement(seniorOfficialAddress.parentElement);
let seniorOfficialName = [data.first_name, data.last_name].join(" "); getSeniorOfficialFromAgency(selectedFederalAgency).then((senior_official) => {
if ($seniorOfficial && $seniorOfficial.length > 0) { // Update the "contact details" blurb beneath senior official
// If the senior official is a dropdown field, edit that updateSeniorOfficialContactInfo(senior_official);
updateSeniorOfficialDropdown($seniorOfficial, seniorOfficialId, seniorOfficialName); showElement(seniorOfficialAddress.parentElement);
}else { // Get the associated senior official with this federal agency
if (readonlySeniorOfficial) { let seniorOfficialId = senior_official.id;
let seniorOfficialLink = `<a href=/admin/registrar/seniorofficial/${seniorOfficialId}/change/>${seniorOfficialName}</a>` let seniorOfficialName = [senior_official.first_name, senior_official.last_name].join(" ");
readonlySeniorOfficial.innerHTML = seniorOfficialName ? seniorOfficialLink : "-"; if ($seniorOfficialDropdown && $seniorOfficialDropdown.length > 0) {
// If the senior official is a dropdown field, edit that
updateSeniorOfficialDropdown(seniorOfficialId, seniorOfficialName);
} else {
if (seniorOfficialReadonly) {
let seniorOfficialLink = `<a href=/admin/registrar/seniorofficial/${seniorOfficialId}/change/>${seniorOfficialName}</a>`
seniorOfficialReadonly.innerHTML = seniorOfficialName ? seniorOfficialLink : "-";
}
} }
} })
}) .catch(error => {
.catch(error => console.error("Error fetching senior official: ", error)); if (error.statusCode === 404) {
// Handle "not found" senior official
if ($seniorOfficialDropdown && $seniorOfficialDropdown.length > 0) {
$seniorOfficialDropdown.val("").trigger("change");
} else {
seniorOfficialReadonly.innerHTML = `<a href="${seniorOfficialAddUrl}">No senior official found. Create one now.</a>`;
}
} else {
// Handle other errors
console.error("An error occurred:", error.message);
}
});
} else {
isPageLoading = false;
}
} }
function updateSeniorOfficialDropdown(dropdown, seniorOfficialId, seniorOfficialName) { /**
* Helper for updating federal type field
*/
function updateSeniorOfficialDropdown(seniorOfficialId, seniorOfficialName) {
if (!seniorOfficialId || !seniorOfficialName || !seniorOfficialName.trim()){ if (!seniorOfficialId || !seniorOfficialName || !seniorOfficialName.trim()){
// Clear the field if the SO doesn't exist // Clear the field if the SO doesn't exist
dropdown.val("").trigger("change"); $seniorOfficialDropdown.val("").trigger("change");
return; return;
} }
// Add the senior official to the dropdown. // Add the senior official to the dropdown.
// This format supports select2 - if we decide to convert this field in the future. // This format supports select2 - if we decide to convert this field in the future.
if (dropdown.find(`option[value='${seniorOfficialId}']`).length) { if ($seniorOfficialDropdown.find(`option[value='${seniorOfficialId}']`).length) {
// Select the value that is associated with the current Senior Official. // Select the value that is associated with the current Senior Official.
dropdown.val(seniorOfficialId).trigger("change"); $seniorOfficialDropdown.val(seniorOfficialId).trigger("change");
} else { } else {
// Create a DOM Option that matches the desired Senior Official. Then append it and select it. // Create a DOM Option that matches the desired Senior Official. Then append it and select it.
let userOption = new Option(seniorOfficialName, seniorOfficialId, true, true); let userOption = new Option(seniorOfficialName, seniorOfficialId, true, true);
dropdown.append(userOption).trigger("change"); $seniorOfficialDropdown.append(userOption).trigger("change");
} }
} }
function handleStateTerritoryChange(stateTerritory, urbanizationField) { /**
let selectedValue = stateTerritory.value; * Handle urbanization
*/
function handleStateTerritoryChange() {
let selectedValue = stateTerritoryDropdown.value;
if (selectedValue === "PR") { if (selectedValue === "PR") {
showElement(urbanizationField) showElement(urbanizationField)
} else { } else {
@ -207,11 +216,7 @@ export function initDynamicPortfolioFields(){
} }
/** /**
* Utility that selects a div from the DOM using selectorString, * Helper for updating senior official dropdown
* and updates a div within that div which has class of 'readonly'
* so that the text of the div is updated to updateText
* @param {*} updateText
* @param {*} selectorString
*/ */
function updateReadOnly(updateText, selectorString) { function updateReadOnly(updateText, selectorString) {
// find the div by selectorString // find the div by selectorString
@ -226,34 +231,75 @@ export function initDynamicPortfolioFields(){
} }
} }
function updateContactInfo(data) { /**
if (!contactList) return; * Helper for updating senior official contact info
*/
const titleSpan = contactList.querySelector(".contact_info_title"); function updateSeniorOfficialContactInfo(senior_official) {
const emailSpan = contactList.querySelector(".contact_info_email"); if (!seniorOfficialAddress) return;
const phoneSpan = contactList.querySelector(".contact_info_phone"); const titleSpan = seniorOfficialAddress.querySelector(".contact_info_title");
const emailSpan = seniorOfficialAddress.querySelector(".contact_info_email");
const phoneSpan = seniorOfficialAddress.querySelector(".contact_info_phone");
if (titleSpan) { if (titleSpan) {
titleSpan.textContent = data.title || "None"; titleSpan.textContent = senior_official.title || "None";
}; };
// Update the email field and the content for the clipboard // Update the email field and the content for the clipboard
if (emailSpan) { if (emailSpan) {
let copyButton = contactList.querySelector(".admin-icon-group"); let copyButton = seniorOfficialAddress.querySelector(".admin-icon-group");
emailSpan.textContent = data.email || "None"; emailSpan.textContent = senior_official.email || "None";
if (data.email) { if (senior_official.email) {
const clipboardInput = contactList.querySelector(".admin-icon-group input"); const clipboardInput = seniorOfficialAddress.querySelector(".admin-icon-group input");
if (clipboardInput) { if (clipboardInput) {
clipboardInput.value = data.email; clipboardInput.value = senior_official.email;
}; };
showElement(copyButton); showElement(copyButton);
}else { }else {
hideElement(copyButton); hideElement(copyButton);
} }
} }
if (phoneSpan) { if (phoneSpan) {
phoneSpan.textContent = data.phone || "None"; phoneSpan.textContent = senior_official.phone || "None";
}; };
} }
/**
* Initializes necessary data and display configurations for the portfolio fields.
*/
function initializePortfolioSettings() {
if (urbanizationField && stateTerritoryDropdown) {
handleStateTerritoryChange();
}
handleOrganizationTypeChange();
}
/**
* Sets event listeners for key UI elements.
*/
function setEventListeners() {
if ($federalAgencyDropdown && (organizationTypeDropdown || organizationTypeReadonly)) {
$federalAgencyDropdown.on("change", function() {
handleFederalAgencyChange();
});
}
if (urbanizationField && stateTerritoryDropdown) {
stateTerritoryDropdown.addEventListener("change", function() {
handleStateTerritoryChange();
});
}
organizationTypeDropdown.addEventListener("change", function() {
handleOrganizationTypeChange();
});
}
// Run initial setup functions
initializePortfolioSettings();
setEventListeners();
}
export function initDynamicPortfolioFields() {
document.addEventListener('DOMContentLoaded', function() {
let isPortfolioPage = document.getElementById("portfolio_form");
if (isPortfolioPage) {
handlePortfolioFields();
}
});
} }

16
src/registrar/assets/src/js/getgov/main.js
View file

@ -9,8 +9,8 @@ import { initDomainsTable } from './table-domains.js';
import { initDomainRequestsTable } from './table-domain-requests.js'; import { initDomainRequestsTable } from './table-domain-requests.js';
import { initMembersTable } from './table-members.js'; import { initMembersTable } from './table-members.js';
import { initMemberDomainsTable } from './table-member-domains.js'; import { initMemberDomainsTable } from './table-member-domains.js';
import { initPortfolioMemberPageToggle } from './portfolio-member-page.js'; import { initEditMemberDomainsTable } from './table-edit-member-domains.js';
import { initAddNewMemberPageListeners } from './portfolio-member-page.js'; import { initPortfolioNewMemberPageToggle, initAddNewMemberPageListeners, initPortfolioMemberPageRadio } from './portfolio-member-page.js';
initDomainValidators(); initDomainValidators();
@ -20,13 +20,6 @@ nameserversFormListener();
hookupYesNoListener("other_contacts-has_other_contacts",'other-employees', 'no-other-employees'); hookupYesNoListener("other_contacts-has_other_contacts",'other-employees', 'no-other-employees');
hookupYesNoListener("additional_details-has_anything_else_text",'anything-else', null); hookupYesNoListener("additional_details-has_anything_else_text",'anything-else', null);
hookupRadioTogglerListener(
'member_access_level',
{
'organization_admin': 'new-member-admin-permissions',
'organization_member': 'new-member-basic-permissions'
}
);
hookupYesNoListener("additional_details-has_cisa_representative",'cisa-representative', null); hookupYesNoListener("additional_details-has_cisa_representative",'cisa-representative', null);
initializeUrbanizationToggle(); initializeUrbanizationToggle();
@ -41,6 +34,9 @@ initDomainsTable();
initDomainRequestsTable(); initDomainRequestsTable();
initMembersTable(); initMembersTable();
initMemberDomainsTable(); initMemberDomainsTable();
initEditMemberDomainsTable();
initPortfolioMemberPageToggle(); // Init the portfolio new member page
initPortfolioMemberPageRadio();
initPortfolioNewMemberPageToggle();
initAddNewMemberPageListeners(); initAddNewMemberPageListeners();

35
src/registrar/assets/src/js/getgov/portfolio-member-page.js
View file

@ -2,10 +2,12 @@ import { uswdsInitializeModals } from './helpers-uswds.js';
import { getCsrfToken } from './helpers.js'; import { getCsrfToken } from './helpers.js';
import { generateKebabHTML } from './table-base.js'; import { generateKebabHTML } from './table-base.js';
import { MembersTable } from './table-members.js'; import { MembersTable } from './table-members.js';
import { hookupRadioTogglerListener } from './radios.js';
// This is specifically for the Member Profile (Manage Member) Page member/invitation removal // This is specifically for the Member Profile (Manage Member) Page member/invitation removal
export function initPortfolioMemberPageToggle() { export function initPortfolioNewMemberPageToggle() {
document.addEventListener("DOMContentLoaded", () => { document.addEventListener("DOMContentLoaded", () => {
console.log("initPortfolioNewMemberPageToggle");
const wrapperDeleteAction = document.getElementById("wrapper-delete-action") const wrapperDeleteAction = document.getElementById("wrapper-delete-action")
if (wrapperDeleteAction) { if (wrapperDeleteAction) {
const member_type = wrapperDeleteAction.getAttribute("data-member-type"); const member_type = wrapperDeleteAction.getAttribute("data-member-type");
@ -49,7 +51,8 @@ export function initPortfolioMemberPageToggle() {
* on the Add New Member page. * on the Add New Member page.
*/ */
export function initAddNewMemberPageListeners() { export function initAddNewMemberPageListeners() {
let add_member_form = document.getElementById("add_member_form") console.log("initializing add new member page listeners");
let add_member_form = document.getElementById("add_member_form");
if (!add_member_form){ if (!add_member_form){
return; return;
} }
@ -169,4 +172,30 @@ export function initAddNewMemberPageListeners() {
} }
} }
} }
// Initalize the radio for the member pages
export function initPortfolioMemberPageRadio() {
document.addEventListener("DOMContentLoaded", () => {
let memberForm = document.getElementById("member_form");
let newMemberForm = document.getElementById("add_member_form")
if (memberForm) {
hookupRadioTogglerListener(
'role',
{
'organization_admin': 'member-admin-permissions',
'organization_member': 'member-basic-permissions'
}
);
}else if (newMemberForm){
console.log("initializing listeners")
hookupRadioTogglerListener(
'member_access_level',
{
'organization_admin': 'new-member-admin-permissions',
'organization_member': 'new-member-basic-permissions'
}
);
}
});
}

12
src/registrar/assets/src/js/getgov/radios.js
View file

@ -38,21 +38,21 @@ export function hookupYesNoListener(radioButtonName, elementIdToShowIfYes, eleme
**/ **/
export function hookupRadioTogglerListener(radioButtonName, valueToElementMap) { export function hookupRadioTogglerListener(radioButtonName, valueToElementMap) {
// Get the radio buttons // Get the radio buttons
let radioButtons = document.querySelectorAll('input[name="'+radioButtonName+'"]'); let radioButtons = document.querySelectorAll(`input[name="${radioButtonName}"]`);
// Extract the list of all element IDs from the valueToElementMap // Extract the list of all element IDs from the valueToElementMap
let allElementIds = Object.values(valueToElementMap); let allElementIds = Object.values(valueToElementMap);
function handleRadioButtonChange() { function handleRadioButtonChange() {
// Find the checked radio button // Find the checked radio button
let radioButtonChecked = document.querySelector('input[name="'+radioButtonName+'"]:checked'); let radioButtonChecked = document.querySelector(`input[name="${radioButtonName}"]:checked`);
let selectedValue = radioButtonChecked ? radioButtonChecked.value : null; let selectedValue = radioButtonChecked ? radioButtonChecked.value : null;
// Hide all elements by default // Hide all elements by default
allElementIds.forEach(function (elementId) { allElementIds.forEach(function (elementId) {
let element = document.getElementById(elementId); let element = document.getElementById(elementId);
if (element) { if (element) {
hideElement(element); hideElement(element);
} }
}); });
@ -64,8 +64,8 @@ export function hookupRadioTogglerListener(radioButtonName, valueToElementMap) {
} }
} }
} }
if (radioButtons.length) { if (radioButtons && radioButtons.length) {
// Add event listener to each radio button // Add event listener to each radio button
radioButtons.forEach(function (radioButton) { radioButtons.forEach(function (radioButton) {
radioButton.addEventListener('change', handleRadioButtonChange); radioButton.addEventListener('change', handleRadioButtonChange);

11
src/registrar/assets/src/js/getgov/table-base.js
View file

@ -126,6 +126,7 @@ export function generateKebabHTML(action, unique_id, modal_button_text, screen_r
export class BaseTable { export class BaseTable {
constructor(itemName) { constructor(itemName) {
this.itemName = itemName; this.itemName = itemName;
this.displayName = itemName;
this.sectionSelector = itemName + 's'; this.sectionSelector = itemName + 's';
this.tableWrapper = document.getElementById(`${this.sectionSelector}__table-wrapper`); this.tableWrapper = document.getElementById(`${this.sectionSelector}__table-wrapper`);
this.tableHeaders = document.querySelectorAll(`#${this.sectionSelector} th[data-sortable]`); this.tableHeaders = document.querySelectorAll(`#${this.sectionSelector} th[data-sortable]`);
@ -183,7 +184,7 @@ export class BaseTable {
// Counter should only be displayed if there is more than 1 item // Counter should only be displayed if there is more than 1 item
paginationSelectorEl.classList.toggle('display-none', totalItems < 1); paginationSelectorEl.classList.toggle('display-none', totalItems < 1);
counterSelectorEl.innerHTML = `${totalItems} ${this.itemName}${totalItems > 1 ? 's' : ''}${this.currentSearchTerm ? ' for ' + '"' + this.currentSearchTerm + '"' : ''}`; counterSelectorEl.innerHTML = `${totalItems} ${this.displayName}${totalItems > 1 ? 's' : ''}${this.currentSearchTerm ? ' for ' + '"' + this.currentSearchTerm + '"' : ''}`;
// Helper function to create a pagination item // Helper function to create a pagination item
const createPaginationItem = (page) => { const createPaginationItem = (page) => {
@ -416,6 +417,11 @@ export class BaseTable {
*/ */
initShowMoreButtons(){} initShowMoreButtons(){}
/**
* See function for more details
*/
initCheckboxListeners(){}
/** /**
* Loads rows in the members list, as well as updates pagination around the members list * Loads rows in the members list, as well as updates pagination around the members list
* based on the supplied attributes. * based on the supplied attributes.
@ -431,7 +437,7 @@ export class BaseTable {
let searchParams = this.getSearchParams(page, sortBy, order, searchTerm, status, portfolio); let searchParams = this.getSearchParams(page, sortBy, order, searchTerm, status, portfolio);
// --------- FETCH DATA // --------- FETCH DATA
// fetch json of page of domains, given params // fetch json of page of objects, given params
const baseUrlValue = this.getBaseUrl()?.innerHTML ?? null; const baseUrlValue = this.getBaseUrl()?.innerHTML ?? null;
if (!baseUrlValue) return; if (!baseUrlValue) return;
@ -462,6 +468,7 @@ export class BaseTable {
}); });
this.initShowMoreButtons(); this.initShowMoreButtons();
this.initCheckboxListeners();
this.loadModals(data.page, data.total, data.unfiltered_total); this.loadModals(data.page, data.total, data.unfiltered_total);

1
src/registrar/assets/src/js/getgov/table-domain-requests.js
View file

@ -23,6 +23,7 @@ export class DomainRequestsTable extends BaseTable {
constructor() { constructor() {
super('domain-request'); super('domain-request');
this.displayName = "domain request";
} }
getBaseUrl() { getBaseUrl() {

234
src/registrar/assets/src/js/getgov/table-edit-member-domains.js Normal file
View file

@ -0,0 +1,234 @@
import { BaseTable } from './table-base.js';
/**
* EditMemberDomainsTable is used for PortfolioMember and PortfolioInvitedMember
* Domain Editing.
*
* This table has additional functionality for tracking and making changes
* to domains assigned to the member/invited member.
*/
export class EditMemberDomainsTable extends BaseTable {
constructor() {
super('edit-member-domain');
this.displayName = "domain";
this.currentSortBy = 'name';
this.initialDomainAssignments = []; // list of initially assigned domains
this.initialDomainAssignmentsOnlyMember = []; // list of initially assigned domains which are readonly
this.addedDomains = []; // list of domains added to member
this.removedDomains = []; // list of domains removed from member
this.initializeDomainAssignments();
this.initCancelEditDomainAssignmentButton();
}
getBaseUrl() {
return document.getElementById("get_member_domains_json_url");
}
getDataObjects(data) {
return data.domains;
}
/** getDomainAssignmentSearchParams is used to prepare search to populate
* initialDomainAssignments and initialDomainAssignmentsOnlyMember
*
* searches with memberOnly True so that only domains assigned to the member are returned
*/
getDomainAssignmentSearchParams(portfolio) {
let searchParams = new URLSearchParams();
let emailValue = this.portfolioElement ? this.portfolioElement.getAttribute('data-email') : null;
let memberIdValue = this.portfolioElement ? this.portfolioElement.getAttribute('data-member-id') : null;
let memberOnly = true;
if (portfolio)
searchParams.append("portfolio", portfolio);
if (emailValue)
searchParams.append("email", emailValue);
if (memberIdValue)
searchParams.append("member_id", memberIdValue);
if (memberOnly)
searchParams.append("member_only", memberOnly);
return searchParams;
}
/** getSearchParams extends base class getSearchParams.
*
* additional searchParam for this table is checkedDomains. This is used to allow
* for backend sorting by domains which are 'checked' in the form.
*/
getSearchParams(page, sortBy, order, searchTerm, status, portfolio) {
let searchParams = super.getSearchParams(page, sortBy, order, searchTerm, status, portfolio);
// Add checkedDomains to searchParams
// Clone the initial domains to avoid mutating them
let checkedDomains = [...this.initialDomainAssignments];
// Add IDs from addedDomains that are not already in checkedDomains
this.addedDomains.forEach(domain => {
if (!checkedDomains.includes(domain.id)) {
checkedDomains.push(domain.id);
}
});
// Remove IDs from removedDomains
this.removedDomains.forEach(domain => {
const index = checkedDomains.indexOf(domain.id);
if (index !== -1) {
checkedDomains.splice(index, 1);
}
});
// Append updated checkedDomain IDs to searchParams
if (checkedDomains.length > 0) {
searchParams.append("checkedDomainIds", checkedDomains.join(","));
}
return searchParams;
}
addRow(dataObject, tbody, customTableOptions) {
const domain = dataObject;
const row = document.createElement('tr');
let checked = false;
let disabled = false;
if (
(this.initialDomainAssignments.includes(domain.id) ||
this.addedDomains.map(obj => obj.id).includes(domain.id)) &&
!this.removedDomains.map(obj => obj.id).includes(domain.id)
) {
checked = true;
}
if (this.initialDomainAssignmentsOnlyMember.includes(domain.id)) {
disabled = true;
}
row.innerHTML = `
<td data-label="Selection" data-sort-value="0" class="padding-right-105">
<div class="usa-checkbox">
<input
class="usa-checkbox__input"
id="${domain.id}"
type="checkbox"
name="${domain.name}"
value="${domain.id}"
${checked ? 'checked' : ''}
${disabled ? 'disabled' : ''}
/>
<label class="usa-checkbox__label margin-top-0" for="${domain.id}">
<span class="sr-only">${domain.id}</span>
</label>
</div>
</td>
<td data-label="Domain name">
${domain.name}
${disabled ? '<span class="display-block margin-top-05 text-gray-50">Domains must have one domain manager. To unassign this member, the domain needs another domain manager.</span>' : ''}
</td>
`;
tbody.appendChild(row);
}
/**
* initializeDomainAssignments searches via ajax on page load for domains assigned to
* member. It populates both initialDomainAssignments and initialDomainAssignmentsOnlyMember.
* It is called once per page load, but not called with subsequent table changes.
*/
initializeDomainAssignments() {
const baseUrlValue = this.getBaseUrl()?.innerHTML ?? null;
if (!baseUrlValue) return;
let searchParams = this.getDomainAssignmentSearchParams(this.portfolioValue);
let url = baseUrlValue + "?" + searchParams.toString();
fetch(url)
.then(response => response.json())
.then(data => {
if (data.error) {
console.error('Error in AJAX call: ' + data.error);
return;
}
let dataObjects = this.getDataObjects(data);
// Map the id attributes of dataObjects to this.initialDomainAssignments
this.initialDomainAssignments = dataObjects.map(obj => obj.id);
this.initialDomainAssignmentsOnlyMember = dataObjects
.filter(obj => obj.member_is_only_manager)
.map(obj => obj.id);
})
.catch(error => console.error('Error fetching domain assignments:', error));
}
/**
* Initializes listeners on checkboxes in the table. Checkbox listeners are used
* in this case to track changes to domain assignments in js (addedDomains and removedDomains)
* before changes are saved.
* initCheckboxListeners is called each time table is loaded.
*/
initCheckboxListeners() {
const checkboxes = this.tableWrapper.querySelectorAll('input[type="checkbox"]');
checkboxes.forEach(checkbox => {
checkbox.addEventListener('change', () => {
const domain = { id: +checkbox.value, name: checkbox.name };
if (checkbox.checked) {
this.updateDomainLists(domain, this.removedDomains, this.addedDomains);
} else {
this.updateDomainLists(domain, this.addedDomains, this.removedDomains);
}
});
});
}
/**
* Helper function which updates domain lists. When called, if domain is in the fromList,
* it removes it; if domain is not in the toList, it is added to the toList.
* @param {*} domain - object containing the domain id and name
* @param {*} fromList - list of domains
* @param {*} toList - list of domains
*/
updateDomainLists(domain, fromList, toList) {
const index = fromList.findIndex(item => item.id === domain.id && item.name === domain.name);
if (index > -1) {
fromList.splice(index, 1); // Remove from the `fromList` if it exists
} else {
toList.push(domain); // Add to the `toList` if not already there
}
}
/**
* initializes the Cancel button on the Edit domains page.
* Cancel triggers modal in certain conditions and the initialization for the modal is done
* in this function.
*/
initCancelEditDomainAssignmentButton() {
const cancelEditDomainAssignmentButton = document.getElementById('cancel-edit-domain-assignments');
if (!cancelEditDomainAssignmentButton) {
console.error("Expected element #cancel-edit-domain-assignments, but it does not exist.");
return; // Exit early if the button doesn't exist
}
// Find the last breadcrumb link
const lastPageLinkElement = document.querySelector('.usa-breadcrumb__list-item:nth-last-child(2) a');
const lastPageLink = lastPageLinkElement ? lastPageLinkElement.getAttribute('href') : null;
const hiddenModalTrigger = document.getElementById("hidden-cancel-edit-domain-assignments-modal-trigger");
if (!lastPageLink) {
console.warn("Last breadcrumb link not found or missing href.");
}
if (!hiddenModalTrigger) {
console.warn("Hidden modal trigger not found.");
}
// Add click event listener
cancelEditDomainAssignmentButton.addEventListener('click', () => {
if (this.addedDomains.length || this.removedDomains.length) {
console.log('Changes detected. Triggering modal...');
hiddenModalTrigger.click();
} else if (lastPageLink) {
window.location.href = lastPageLink; // Redirect to the last breadcrumb link
} else {
console.warn("No changes detected, but no valid lastPageLink to navigate to.");
}
});
}
}
export function initEditMemberDomainsTable() {
document.addEventListener('DOMContentLoaded', function() {
const isEditMemberDomainsPage = document.getElementById("edit-member-domains");
if (isEditMemberDomainsPage) {
const editMemberDomainsTable = new EditMemberDomainsTable();
if (editMemberDomainsTable.tableWrapper) {
// Initial load
editMemberDomainsTable.loadTable(1);
}
}
});
}

1
src/registrar/assets/src/js/getgov/table-member-domains.js
View file

@ -5,6 +5,7 @@ export class MemberDomainsTable extends BaseTable {
constructor() { constructor() {
super('member-domain'); super('member-domain');
this.displayName = "domain";
this.currentSortBy = 'name'; this.currentSortBy = 'name';
} }
getBaseUrl() { getBaseUrl() {

8
src/registrar/assets/src/sass/_theme/_tables.scss
View file

@ -73,11 +73,15 @@ th {
} }
} }
td, th, td, th {
.usa-tabel th{
padding: units(2) units(4) units(2) 0; padding: units(2) units(4) units(2) 0;
} }
// Hack fix to the overly specific selector above that broke utility class usefulness
.padding-right-105 {
padding-right: .75rem;
}
thead tr:first-child th:first-child { thead tr:first-child th:first-child {
border-top: none; border-top: none;
} }

10
src/registrar/config/urls.py
View file

@ -109,6 +109,11 @@ urlpatterns = [
views.PortfolioMemberDomainsView.as_view(), views.PortfolioMemberDomainsView.as_view(),
name="member-domains", name="member-domains",
), ),
path(
"member/<int:pk>/domains/edit",
views.PortfolioMemberDomainsEditView.as_view(),
name="member-domains-edit",
),
path( path(
"invitedmember/<int:pk>", "invitedmember/<int:pk>",
views.PortfolioInvitedMemberView.as_view(), views.PortfolioInvitedMemberView.as_view(),
@ -129,6 +134,11 @@ urlpatterns = [
views.PortfolioInvitedMemberDomainsView.as_view(), views.PortfolioInvitedMemberDomainsView.as_view(),
name="invitedmember-domains", name="invitedmember-domains",
), ),
path(
"invitedmember/<int:pk>/domains/edit",
views.PortfolioInvitedMemberDomainsEditView.as_view(),
name="invitedmember-domains-edit",
),
# path( # path(
# "no-organization-members/", # "no-organization-members/",
# views.PortfolioNoMembersView.as_view(), # views.PortfolioNoMembersView.as_view(),

15
src/registrar/context_processors.py
View file

@ -99,7 +99,7 @@ def portfolio_permissions(request):
def is_widescreen_mode(request): def is_widescreen_mode(request):
widescreen_paths = [] widescreen_paths = [] # If this list is meant to include specific paths, populate it.
portfolio_widescreen_paths = [ portfolio_widescreen_paths = [
"/domains/", "/domains/",
"/requests/", "/requests/",
@ -108,10 +108,21 @@ def is_widescreen_mode(request):
"/no-organization-domains/", "/no-organization-domains/",
"/domain-request/", "/domain-request/",
] ]
# widescreen_paths can be a bear as it trickles down sub-urls. exclude_paths gives us a way out.
exclude_paths = [
"/domains/edit",
]
# Check if the current path matches a widescreen path or the root path.
is_widescreen = any(path in request.path for path in widescreen_paths) or request.path == "/" is_widescreen = any(path in request.path for path in widescreen_paths) or request.path == "/"
is_portfolio_widescreen = bool(
# Check if the user is an organization user and the path matches portfolio paths.
is_portfolio_widescreen = (
hasattr(request.user, "is_org_user") hasattr(request.user, "is_org_user")
and request.user.is_org_user(request) and request.user.is_org_user(request)
and any(path in request.path for path in portfolio_widescreen_paths) and any(path in request.path for path in portfolio_widescreen_paths)
and not any(exclude_path in request.path for exclude_path in exclude_paths)
) )
# Return a dictionary with the widescreen mode status.
return {"is_widescreen_mode": is_widescreen or is_portfolio_widescreen} return {"is_widescreen_mode": is_widescreen or is_portfolio_widescreen}

526
src/registrar/forms/portfolio.py
View file

@ -4,6 +4,7 @@ import logging
from django import forms from django import forms
from django.core.validators import RegexValidator from django.core.validators import RegexValidator
from django.core.validators import MaxLengthValidator from django.core.validators import MaxLengthValidator
from django.utils.safestring import mark_safe
from registrar.models import ( from registrar.models import (
PortfolioInvitation, PortfolioInvitation,
@ -110,58 +111,518 @@ class PortfolioSeniorOfficialForm(forms.ModelForm):
return cleaned_data return cleaned_data
class PortfolioMemberForm(forms.ModelForm):
class BasePortfolioMemberForm(forms.Form):
"""Base form for the PortfolioMemberForm and PortfolioInvitedMemberForm"""
class Meta:
model = None
fields = ["portfolio", "roles", "additional_permissions"]
# The label for each of these has a red "required" star. We can just embed that here for simplicity.
required_star = '<abbr class="usa-hint usa-hint--required" title="required">*</abbr>'
role = forms.ChoiceField(
choices=[
# Uses .value because the choice has a different label (on /admin)
(UserPortfolioRoleChoices.ORGANIZATION_ADMIN.value, "Admin access"),
(UserPortfolioRoleChoices.ORGANIZATION_MEMBER.value, "Basic access"),
],
widget=forms.RadioSelect,
required=True,
error_messages={
"required": "Member access level is required",
},
)
domain_request_permission_admin = forms.ChoiceField(
label=mark_safe(f"Select permission {required_star}"), # nosec
choices=[
(UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS.value, "View all requests"),
(UserPortfolioPermissionChoices.EDIT_REQUESTS.value, "View all requests plus create requests"),
],
widget=forms.RadioSelect,
required=False,
error_messages={
"required": "Admin domain request permission is required",
},
)
member_permission_admin = forms.ChoiceField(
label=mark_safe(f"Select permission {required_star}"), # nosec
choices=[
(UserPortfolioPermissionChoices.VIEW_MEMBERS.value, "View all members"),
(UserPortfolioPermissionChoices.EDIT_MEMBERS.value, "View all members plus manage members"),
],
widget=forms.RadioSelect,
required=False,
error_messages={
"required": "Admin member permission is required",
},
)
domain_request_permission_member = forms.ChoiceField(
label=mark_safe(f"Select permission {required_star}"), # nosec
choices=[
(UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS.value, "View all requests"),
(UserPortfolioPermissionChoices.EDIT_REQUESTS.value, "View all requests plus create requests"),
("no_access", "No access"),
],
widget=forms.RadioSelect,
required=False,
error_messages={
"required": "Basic member permission is required",
},
)
# Tracks what form elements are required for a given role choice.
# All of the fields included here have "required=False" by default as they are conditionally required.
# see def clean() for more details.
ROLE_REQUIRED_FIELDS = {
UserPortfolioRoleChoices.ORGANIZATION_ADMIN: [
"domain_request_permission_admin",
"member_permission_admin",
],
UserPortfolioRoleChoices.ORGANIZATION_MEMBER: [
"domain_request_permission_member",
],
}
# def __init__(self, *args, instance=None, **kwargs):
# """Initialize self.instance, self.initial, and descriptions under each radio button.
# Uses map_instance_to_initial to set the initial dictionary."""
# super().__init__(*args, **kwargs)
# if instance:
# self.instance = instance
# self.initial = self.map_instance_to_initial(self.instance)
# # Adds a <p> description beneath each role option
# self.fields["role"].descriptions = {
# "organization_admin": UserPortfolioRoleChoices.get_role_description(
# UserPortfolioRoleChoices.ORGANIZATION_ADMIN
# ),
# "organization_member": UserPortfolioRoleChoices.get_role_description(
# UserPortfolioRoleChoices.ORGANIZATION_MEMBER
# ),
# }
def __init__(self, *args, **kwargs):
"""Initialize self.instance, self.initial, and descriptions under each radio button.
Uses map_instance_to_initial to set the initial dictionary."""
super().__init__(*args, **kwargs)
self.fields["role"].descriptions = {
"organization_admin": UserPortfolioRoleChoices.get_role_description(
UserPortfolioRoleChoices.ORGANIZATION_ADMIN
),
"organization_member": UserPortfolioRoleChoices.get_role_description(
UserPortfolioRoleChoices.ORGANIZATION_MEMBER
),
}
def save(self):
"""Saves self.instance by grabbing data from self.cleaned_data.
Uses map_cleaned_data_to_instance.
"""
self.instance = self.map_cleaned_data_to_instance(self.cleaned_data, self.instance)
self.instance.save()
return self.instance
def clean(self):
"""Validates form data based on selected role and its required fields."""
cleaned_data = super().clean()
role = cleaned_data.get("role")
# Get required fields for the selected role. Then validate all required fields for the role.
required_fields = self.ROLE_REQUIRED_FIELDS.get(role, [])
for field_name in required_fields:
# Helpful error for if this breaks
if field_name not in self.fields:
raise ValueError(f"ROLE_REQUIRED_FIELDS referenced a non-existent field: {field_name}.")
if not cleaned_data.get(field_name):
self.add_error(field_name, self.fields.get(field_name).error_messages.get("required"))
# Edgecase: Member uses a special form value for None called "no_access".
if cleaned_data.get("domain_request_permission_member") == "no_access":
cleaned_data["domain_request_permission_member"] = None
return cleaned_data
# Explanation of how map_instance_to_initial / map_cleaned_data_to_instance work:
# map_instance_to_initial => called on init to set self.initial.
# Converts the incoming object (usually PortfolioInvitation or UserPortfolioPermission)
# into a dictionary representation for the form to use automatically.
# map_cleaned_data_to_instance => called on save() to save the instance to the db.
# Takes the self.cleaned_data dict, and converts this dict back to the object.
def map_instance_to_initial(self, instance):
"""
Maps self.instance to self.initial, handling roles and permissions.
Returns form data dictionary with appropriate permission levels based on user role:
{
"role": "organization_admin" or "organization_member",
"member_permission_admin": permission level if admin,
"domain_request_permission_admin": permission level if admin,
"domain_request_permission_member": permission level if member
}
"""
# Function variables
form_data = {}
perms = UserPortfolioPermission.get_portfolio_permissions(
instance.roles, instance.additional_permissions, get_list=False
)
# Get the available options for roles, domains, and member.
roles = [
UserPortfolioRoleChoices.ORGANIZATION_ADMIN,
UserPortfolioRoleChoices.ORGANIZATION_MEMBER,
]
domain_perms = [
UserPortfolioPermissionChoices.EDIT_REQUESTS,
UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS,
]
member_perms = [
UserPortfolioPermissionChoices.EDIT_MEMBERS,
UserPortfolioPermissionChoices.VIEW_MEMBERS,
]
# Build form data based on role (which options are available).
# Get which one should be "selected" by assuming that EDIT takes precedence over view,
# and ADMIN takes precedence over MEMBER.
roles = instance.roles or []
selected_role = next((role for role in roles if role in roles), None)
form_data = {"role": selected_role}
is_admin = selected_role == UserPortfolioRoleChoices.ORGANIZATION_ADMIN
if is_admin:
selected_domain_permission = next((perm for perm in domain_perms if perm in perms), None)
selected_member_permission = next((perm for perm in member_perms if perm in perms), None)
form_data["domain_request_permission_admin"] = selected_domain_permission
form_data["member_permission_admin"] = selected_member_permission
else:
# Edgecase: Member uses a special form value for None called "no_access". This ensures a form selection.
selected_domain_permission = next((perm for perm in domain_perms if perm in perms), "no_access")
form_data["domain_request_permission_member"] = selected_domain_permission
return form_data
def map_cleaned_data_to_instance(self, cleaned_data, instance):
"""
Maps self.cleaned_data to self.instance, setting roles and permissions.
Args:
cleaned_data (dict): Cleaned data containing role and permission choices
instance: Instance to update
Returns:
instance: Updated instance
"""
role = cleaned_data.get("role")
# Handle roles
instance.roles = [role]
# Handle additional_permissions
valid_fields = self.ROLE_REQUIRED_FIELDS.get(role, [])
additional_permissions = {cleaned_data.get(field) for field in valid_fields if cleaned_data.get(field)}
# Handle EDIT permissions (should be accompanied with a view permission)
if UserPortfolioPermissionChoices.EDIT_MEMBERS in additional_permissions:
additional_permissions.add(UserPortfolioPermissionChoices.VIEW_MEMBERS)
if UserPortfolioPermissionChoices.EDIT_REQUESTS in additional_permissions:
additional_permissions.add(UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS)
# Only set unique permissions not already defined in the base role
role_permissions = UserPortfolioPermission.get_portfolio_permissions(instance.roles, [], get_list=False)
instance.additional_permissions = list(additional_permissions - role_permissions)
return instance
class PortfolioMemberForm(BasePortfolioMemberForm):
""" """
Form for updating a portfolio member. Form for updating a portfolio member.
""" """
roles = forms.MultipleChoiceField(
choices=UserPortfolioRoleChoices.choices,
widget=forms.SelectMultiple(attrs={"class": "usa-select"}),
required=False,
label="Roles",
)
additional_permissions = forms.MultipleChoiceField(
choices=UserPortfolioPermissionChoices.choices,
widget=forms.SelectMultiple(attrs={"class": "usa-select"}),
required=False,
label="Additional Permissions",
)
class Meta: class Meta:
model = UserPortfolioPermission model = UserPortfolioPermission
fields = [ fields = BasePortfolioMemberForm.Meta.fields + ["user"]
"roles",
"additional_permissions",
]
class PortfolioInvitedMemberForm(forms.ModelForm): class PortfolioInvitedMemberForm(forms.ModelForm):
""" """
Form for updating a portfolio invited member. Form for updating a portfolio invited member.
""" """
required_star = '<abbr class="usa-hint usa-hint--required" title="required">*</abbr>'
roles = forms.MultipleChoiceField( role = forms.ChoiceField(
choices=UserPortfolioRoleChoices.choices, choices=[
widget=forms.SelectMultiple(attrs={"class": "usa-select"}), # Uses .value because the choice has a different label (on /admin)
required=False, (UserPortfolioRoleChoices.ORGANIZATION_ADMIN.value, "Admin access"),
label="Roles", (UserPortfolioRoleChoices.ORGANIZATION_MEMBER.value, "Basic access"),
],
widget=forms.RadioSelect,
required=True,
error_messages={
"required": "Member access level is required",
},
) )
additional_permissions = forms.MultipleChoiceField( domain_request_permission_admin = forms.ChoiceField(
choices=UserPortfolioPermissionChoices.choices, label=mark_safe(f"Select permission {required_star}"), # nosec
widget=forms.SelectMultiple(attrs={"class": "usa-select"}), choices=[
(UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS.value, "View all requests"),
(UserPortfolioPermissionChoices.EDIT_REQUESTS.value, "View all requests plus create requests"),
],
widget=forms.RadioSelect,
required=False, required=False,
label="Additional Permissions", error_messages={
"required": "Admin domain request permission is required",
},
) )
member_permission_admin = forms.ChoiceField(
label=mark_safe(f"Select permission {required_star}"), # nosec
choices=[
(UserPortfolioPermissionChoices.VIEW_MEMBERS.value, "View all members"),
(UserPortfolioPermissionChoices.EDIT_MEMBERS.value, "View all members plus manage members"),
],
widget=forms.RadioSelect,
required=False,
error_messages={
"required": "Admin member permission is required",
},
)
domain_request_permission_member = forms.ChoiceField(
label=mark_safe(f"Select permission {required_star}"), # nosec
choices=[
(UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS.value, "View all requests"),
(UserPortfolioPermissionChoices.EDIT_REQUESTS.value, "View all requests plus create requests"),
("no_access", "No access"),
],
widget=forms.RadioSelect,
required=False,
error_messages={
"required": "Basic member permission is required",
},
)
ROLE_REQUIRED_FIELDS = {
UserPortfolioRoleChoices.ORGANIZATION_ADMIN: [
"domain_request_permission_admin",
"member_permission_admin",
],
UserPortfolioRoleChoices.ORGANIZATION_MEMBER: [
"domain_request_permission_member",
],
}
class Meta: class Meta:
model = PortfolioInvitation model = PortfolioInvitation
fields = [ fields = ["roles", "additional_permissions" ]
"roles",
"additional_permissions", def __init__(self, *args, **kwargs):
"""
Override the form's initialization to map existing model values
to custom form fields.
"""
super().__init__(*args, **kwargs)
self.fields["role"].descriptions = {
"organization_admin": UserPortfolioRoleChoices.get_role_description(
UserPortfolioRoleChoices.ORGANIZATION_ADMIN
),
"organization_member": UserPortfolioRoleChoices.get_role_description(
UserPortfolioRoleChoices.ORGANIZATION_MEMBER
),
}
# Map model instance values to custom form fields
logger.info(self.instance)
logger.info(self.initial)
if self.instance:
self.map_instance_to_initial()
# def clean(self):
# logger.info(self.cleaned_data)
# # Lowercase the value of the 'email' field
# email_value = self.cleaned_data.get("email")
# if email_value:
# self.cleaned_data["email"] = email_value.lower()
# # Get the selected role
# role = self.cleaned_data.get("role")
# # If no member access level is selected, remove errors for hidden inputs
# if not role:
# self._remove_hidden_field_errors(exclude_fields=["email", "role"])
# return self.cleaned_data
# # Define field names for validation cleanup
# field_error_map = {
# "organization_admin": ["domain_request_permission_member"], # Fields irrelevant to "admin"
# "organization_member": ["domain_request_permission_admin", "member_permission_admin"], # Fields irrelevant to "basic"
# }
# # Remove errors for irrelevant fields based on the selected access level
# irrelevant_fields = field_error_map.get(role, [])
# for field in irrelevant_fields:
# if field in self.errors:
# del self.errors[field]
# # Map roles and additional permissions to cleaned_data
# self.cleaned_data["roles"] = [role]
# additional_permissions = [
# self.cleaned_data.get("domain_request_permission_member"),
# self.cleaned_data.get("domain_request_permission_admin"),
# self.cleaned_data.get("member_permission_admin"),
# ]
# # Filter out None values
# self.cleaned_data["additional_permissions"] = [perm for perm in additional_permissions if perm]
# logger.info(self.cleaned_data)
# return super().clean()
# def _remove_hidden_field_errors(self, exclude_fields=None):
# """
# Helper method to remove errors for fields that are not relevant
# (e.g., hidden inputs), except for explicitly excluded fields.
# """
# exclude_fields = exclude_fields or []
# hidden_fields = [field for field in self.fields if field not in exclude_fields]
# for field in hidden_fields:
# if field in self.errors:
# del self.errors[field]
# def save(self):
# """Saves self.instance by grabbing data from self.cleaned_data.
# Uses map_cleaned_data_to_instance.
# """
# self.instance = self.map_cleaned_data_to_instance(self.cleaned_data, self.instance)
# self.instance.save()
# return self.instance
def clean(self):
"""Validates form data based on selected role and its required fields."""
logger.info("clean")
cleaned_data = super().clean()
role = cleaned_data.get("role")
# Get required fields for the selected role. Then validate all required fields for the role.
required_fields = self.ROLE_REQUIRED_FIELDS.get(role, [])
for field_name in required_fields:
# Helpful error for if this breaks
if field_name not in self.fields:
raise ValueError(f"ROLE_REQUIRED_FIELDS referenced a non-existent field: {field_name}.")
if not cleaned_data.get(field_name):
self.add_error(field_name, self.fields.get(field_name).error_messages.get("required"))
# Edgecase: Member uses a special form value for None called "no_access".
if cleaned_data.get("domain_request_permission_member") == "no_access":
cleaned_data["domain_request_permission_member"] = None
logger.info("map_cleaned_data_to_instance")
logger.info(self.cleaned_data)
role = cleaned_data.get("role")
# Handle roles
cleaned_data["roles"] = [role]
# Handle additional_permissions
valid_fields = self.ROLE_REQUIRED_FIELDS.get(role, [])
additional_permissions = {cleaned_data.get(field) for field in valid_fields if cleaned_data.get(field)}
# Handle EDIT permissions (should be accompanied with a view permission)
if UserPortfolioPermissionChoices.EDIT_MEMBERS in additional_permissions:
additional_permissions.add(UserPortfolioPermissionChoices.VIEW_MEMBERS)
if UserPortfolioPermissionChoices.EDIT_REQUESTS in additional_permissions:
additional_permissions.add(UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS)
# Only set unique permissions not already defined in the base role
role_permissions = UserPortfolioPermission.get_portfolio_permissions(cleaned_data["roles"], [], get_list=False)
cleaned_data["additional_permissions"] = list(additional_permissions - role_permissions)
logger.info(cleaned_data)
return cleaned_data
def map_instance_to_initial(self):
"""
Maps self.instance to self.initial, handling roles and permissions.
Returns form data dictionary with appropriate permission levels based on user role:
{
"role": "organization_admin" or "organization_member",
"member_permission_admin": permission level if admin,
"domain_request_permission_admin": permission level if admin,
"domain_request_permission_member": permission level if member
}
"""
logger.info(self.instance)
# Function variables
if self.initial is None:
self.initial = {}
perms = UserPortfolioPermission.get_portfolio_permissions(
self.instance.roles, self.instance.additional_permissions, get_list=False
)
# Get the available options for roles, domains, and member.
roles = [
UserPortfolioRoleChoices.ORGANIZATION_ADMIN,
UserPortfolioRoleChoices.ORGANIZATION_MEMBER,
] ]
domain_perms = [
UserPortfolioPermissionChoices.EDIT_REQUESTS,
UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS,
]
member_perms = [
UserPortfolioPermissionChoices.EDIT_MEMBERS,
UserPortfolioPermissionChoices.VIEW_MEMBERS,
]
# Build form data based on role (which options are available).
# Get which one should be "selected" by assuming that EDIT takes precedence over view,
# and ADMIN takes precedence over MEMBER.
roles = self.instance.roles or []
selected_role = next((role for role in roles if role in roles), None)
self.initial["role"] = selected_role
is_admin = selected_role == UserPortfolioRoleChoices.ORGANIZATION_ADMIN
if is_admin:
selected_domain_permission = next((perm for perm in domain_perms if perm in perms), None)
selected_member_permission = next((perm for perm in member_perms if perm in perms), None)
self.initial["domain_request_permission_admin"] = selected_domain_permission
self.initial["member_permission_admin"] = selected_member_permission
else:
# Edgecase: Member uses a special form value for None called "no_access". This ensures a form selection.
selected_domain_permission = next((perm for perm in domain_perms if perm in perms), "no_access")
self.initial["domain_request_permission_member"] = selected_domain_permission
logger.info(self.initial)
def map_cleaned_data_to_instance(self, cleaned_data, instance):
"""
Maps self.cleaned_data to self.instance, setting roles and permissions.
Args:
cleaned_data (dict): Cleaned data containing role and permission choices
instance: Instance to update
Returns:
instance: Updated instance
"""
logger.info("map_cleaned_data_to_instance")
logger.info(self.cleaned_data)
role = cleaned_data.get("role")
# Handle roles
instance.roles = [role]
# Handle additional_permissions
valid_fields = self.ROLE_REQUIRED_FIELDS.get(role, [])
additional_permissions = {cleaned_data.get(field) for field in valid_fields if cleaned_data.get(field)}
# Handle EDIT permissions (should be accompanied with a view permission)
if UserPortfolioPermissionChoices.EDIT_MEMBERS in additional_permissions:
additional_permissions.add(UserPortfolioPermissionChoices.VIEW_MEMBERS)
if UserPortfolioPermissionChoices.EDIT_REQUESTS in additional_permissions:
additional_permissions.add(UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS)
# Only set unique permissions not already defined in the base role
role_permissions = UserPortfolioPermission.get_portfolio_permissions(instance.roles, [], get_list=False)
instance.additional_permissions = list(additional_permissions - role_permissions)
return instance
class PortfolioNewMemberForm(forms.ModelForm): class PortfolioNewMemberForm(forms.ModelForm):
@ -274,4 +735,3 @@ class PortfolioNewMemberForm(forms.ModelForm):
for field in hidden_fields: for field in hidden_fields:
if field in self.errors: if field in self.errors:
del self.errors[field] del self.errors[field]

68
src/registrar/models/domain.py
View file

@ -231,6 +231,12 @@ class Domain(TimeStampedModel, DomainHelper):
"""Called during delete. Example: `del domain.registrant`.""" """Called during delete. Example: `del domain.registrant`."""
super().__delete__(obj) super().__delete__(obj)
def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
# If the domain is deleted we don't want the expiration date to be set
if self.state == self.State.DELETED and self.expiration_date:
self.expiration_date = None
super().save(force_insert, force_update, using, update_fields)
@classmethod @classmethod
def available(cls, domain: str) -> bool: def available(cls, domain: str) -> bool:
"""Check if a domain is available. """Check if a domain is available.
@ -254,7 +260,7 @@ class Domain(TimeStampedModel, DomainHelper):
return not cls.available(domain) return not cls.available(domain)
@Cache @Cache
def contacts(self) -> dict[str, str]: def registry_contacts(self) -> dict[str, str]:
""" """
Get a dictionary of registry IDs for the contacts for this domain. Get a dictionary of registry IDs for the contacts for this domain.
@ -707,7 +713,7 @@ class Domain(TimeStampedModel, DomainHelper):
raise e raise e
@nameservers.setter # type: ignore @nameservers.setter # type: ignore
def nameservers(self, hosts: list[tuple[str, list]]): def nameservers(self, hosts: list[tuple[str, list]]): # noqa
"""Host should be a tuple of type str, str,... where the elements are """Host should be a tuple of type str, str,... where the elements are
Fully qualified host name, addresses associated with the host Fully qualified host name, addresses associated with the host
example: [(ns1.okay.gov, [127.0.0.1, others ips])]""" example: [(ns1.okay.gov, [127.0.0.1, others ips])]"""
@ -744,7 +750,12 @@ class Domain(TimeStampedModel, DomainHelper):
successTotalNameservers = len(oldNameservers) - deleteCount + addToDomainCount successTotalNameservers = len(oldNameservers) - deleteCount + addToDomainCount
self._delete_hosts_if_not_used(hostsToDelete=deleted_values) try:
self._delete_hosts_if_not_used(hostsToDelete=deleted_values)
except Exception as e:
# we don't need this part to succeed in order to continue.
logger.error("Failed to delete nameserver hosts: %s", e)
if successTotalNameservers < 2: if successTotalNameservers < 2:
try: try:
self.dns_needed() self.dns_needed()
@ -1030,6 +1041,47 @@ class Domain(TimeStampedModel, DomainHelper):
def _delete_domain(self): def _delete_domain(self):
"""This domain should be deleted from the registry """This domain should be deleted from the registry
may raises RegistryError, should be caught or handled correctly by caller""" may raises RegistryError, should be caught or handled correctly by caller"""
logger.info("Deleting subdomains for %s", self.name)
# check if any subdomains are in use by another domain
hosts = Host.objects.filter(name__regex=r".+{}".format(self.name))
for host in hosts:
if host.domain != self:
logger.error("Unable to delete host: %s is in use by another domain: %s", host.name, host.domain)
raise RegistryError(
code=ErrorCode.OBJECT_ASSOCIATION_PROHIBITS_OPERATION,
note=f"Host {host.name} is in use by {host.domain}",
)
(
deleted_values,
updated_values,
new_values,
oldNameservers,
) = self.getNameserverChanges(hosts=[])
_ = self._update_host_values(updated_values, oldNameservers) # returns nothing, just need to be run and errors
addToDomainList, _ = self.createNewHostList(new_values)
deleteHostList, _ = self.createDeleteHostList(deleted_values)
responseCode = self.addAndRemoveHostsFromDomain(hostsToAdd=addToDomainList, hostsToDelete=deleteHostList)
# if unable to update domain raise error and stop
if responseCode != ErrorCode.COMMAND_COMPLETED_SUCCESSFULLY:
raise NameserverError(code=nsErrorCodes.BAD_DATA)
# addAndRemoveHostsFromDomain removes the hosts from the domain object,
# but we still need to delete the object themselves
self._delete_hosts_if_not_used(hostsToDelete=deleted_values)
logger.debug("Deleting non-registrant contacts for %s", self.name)
contacts = PublicContact.objects.filter(domain=self)
for contact in contacts:
if contact.contact_type != PublicContact.ContactTypeChoices.REGISTRANT:
self._update_domain_with_contact(contact, rem=True)
request = commands.DeleteContact(contact.registry_id)
registry.send(request, cleaned=True)
logger.info("Deleting domain %s", self.name)
request = commands.DeleteDomain(name=self.name) request = commands.DeleteDomain(name=self.name)
registry.send(request, cleaned=True) registry.send(request, cleaned=True)
@ -1097,7 +1149,7 @@ class Domain(TimeStampedModel, DomainHelper):
Returns True if expired, False otherwise. Returns True if expired, False otherwise.
""" """
if self.expiration_date is None: if self.expiration_date is None:
return True return self.state != self.State.DELETED
now = timezone.now().date() now = timezone.now().date()
return self.expiration_date < now return self.expiration_date < now
@ -1431,6 +1483,8 @@ class Domain(TimeStampedModel, DomainHelper):
@transition(field="state", source=[State.ON_HOLD, State.DNS_NEEDED], target=State.DELETED) @transition(field="state", source=[State.ON_HOLD, State.DNS_NEEDED], target=State.DELETED)
def deletedInEpp(self): def deletedInEpp(self):
"""Domain is deleted in epp but is saved in our database. """Domain is deleted in epp but is saved in our database.
Subdomains will be deleted first if not in use by another domain.
Contacts for this domain will also be deleted.
Error handling should be provided by the caller.""" Error handling should be provided by the caller."""
# While we want to log errors, we want to preserve # While we want to log errors, we want to preserve
# that information when this function is called. # that information when this function is called.
@ -1440,8 +1494,9 @@ class Domain(TimeStampedModel, DomainHelper):
logger.info("deletedInEpp()-> inside _delete_domain") logger.info("deletedInEpp()-> inside _delete_domain")
self._delete_domain() self._delete_domain()
self.deleted = timezone.now() self.deleted = timezone.now()
self.expiration_date = None
except RegistryError as err: except RegistryError as err:
logger.error(f"Could not delete domain. Registry returned error: {err}") logger.error(f"Could not delete domain. Registry returned error: {err}. {err.note}")
raise err raise err
except TransitionNotAllowed as err: except TransitionNotAllowed as err:
logger.error("Could not delete domain. FSM failure: {err}") logger.error("Could not delete domain. FSM failure: {err}")
@ -1746,7 +1801,6 @@ class Domain(TimeStampedModel, DomainHelper):
"""delete the host object in registry, """delete the host object in registry,
will only delete the host object, if it's not being used by another domain will only delete the host object, if it's not being used by another domain
Performs just the DeleteHost epp call Performs just the DeleteHost epp call
Supresses regstry error, as registry can disallow delete for various reasons
Args: Args:
hostsToDelete (list[str])- list of nameserver/host names to remove hostsToDelete (list[str])- list of nameserver/host names to remove
Returns: Returns:
@ -1765,6 +1819,8 @@ class Domain(TimeStampedModel, DomainHelper):
else: else:
logger.error("Error _delete_hosts_if_not_used, code was %s error was %s" % (e.code, e)) logger.error("Error _delete_hosts_if_not_used, code was %s error was %s" % (e.code, e))
raise e
def _fix_unknown_state(self, cleaned): def _fix_unknown_state(self, cleaned):
""" """
_fix_unknown_state: Calls _add_missing_contacts_if_unknown _fix_unknown_state: Calls _add_missing_contacts_if_unknown

11
src/registrar/models/user_portfolio_permission.py
View file

@ -110,8 +110,13 @@ class UserPortfolioPermission(TimeStampedModel):
return self.get_portfolio_permissions(self.roles, self.additional_permissions) return self.get_portfolio_permissions(self.roles, self.additional_permissions)
@classmethod @classmethod
def get_portfolio_permissions(cls, roles, additional_permissions): def get_portfolio_permissions(cls, roles, additional_permissions, get_list=True):
"""Class method to return a list of permissions based on roles and addtl permissions""" """Class method to return a list of permissions based on roles and addtl permissions.
Params:
roles => An array of roles
additional_permissions => An array of additional_permissions
get_list => If true, returns a list of perms. If false, returns a set of perms.
"""
# Use a set to avoid duplicate permissions # Use a set to avoid duplicate permissions
portfolio_permissions = set() portfolio_permissions = set()
if roles: if roles:
@ -119,7 +124,7 @@ class UserPortfolioPermission(TimeStampedModel):
portfolio_permissions.update(cls.PORTFOLIO_ROLE_PERMISSIONS.get(role, [])) portfolio_permissions.update(cls.PORTFOLIO_ROLE_PERMISSIONS.get(role, []))
if additional_permissions: if additional_permissions:
portfolio_permissions.update(additional_permissions) portfolio_permissions.update(additional_permissions)
return list(portfolio_permissions) return list(portfolio_permissions) if get_list else portfolio_permissions
@classmethod @classmethod
def get_domain_request_permission_display(cls, roles, additional_permissions): def get_domain_request_permission_display(cls, roles, additional_permissions):

23
src/registrar/models/utility/portfolio_helper.py
View file

@ -18,7 +18,28 @@ class UserPortfolioRoleChoices(models.TextChoices):
@classmethod @classmethod
def get_user_portfolio_role_label(cls, user_portfolio_role): def get_user_portfolio_role_label(cls, user_portfolio_role):
return cls(user_portfolio_role).label if user_portfolio_role else None try:
return cls(user_portfolio_role).label if user_portfolio_role else None
except ValueError:
logger.warning(f"Invalid portfolio role: {user_portfolio_role}")
return f"Unknown ({user_portfolio_role})"
@classmethod
def get_role_description(cls, user_portfolio_role):
"""Returns a detailed description for a given role."""
descriptions = {
cls.ORGANIZATION_ADMIN: (
"Grants this member access to the organization-wide information "
"on domains, domain requests, and members. Domain management can be assigned separately."
),
cls.ORGANIZATION_MEMBER: (
"Grants this member access to the organization. They can be given extra permissions to view all "
"organization domain requests and submit domain requests on behalf of the organization. Basic access "
"members cant view all members of an organization or manage them. "
"Domain management can be assigned separately."
),
}
return descriptions.get(user_portfolio_role)
class UserPortfolioPermissionChoices(models.TextChoices): class UserPortfolioPermissionChoices(models.TextChoices):

2
src/registrar/templates/401.html
View file

@ -5,7 +5,7 @@
{% block title %}{% translate "Unauthorized | " %}{% endblock %} {% block title %}{% translate "Unauthorized | " %}{% endblock %}
{% block content %} {% block content %}
<main id="main-content" class="grid-container {% if is_widescreen_mode %} grid-container--widescreen {% endif %}"> <main id="main-content" class="grid-container {% if is_widescreen_mode %} grid-container--widescreen{% endif %}">
<div class="grid-row grow-gap"> <div class="grid-row grow-gap">
<div class="tablet:grid-col-6 usa-prose margin-bottom-3"> <div class="tablet:grid-col-6 usa-prose margin-bottom-3">
<h1> <h1>

2
src/registrar/templates/403.html
View file

@ -5,7 +5,7 @@
{% block title %}{% translate "Forbidden | " %}{% endblock %} {% block title %}{% translate "Forbidden | " %}{% endblock %}
{% block content %} {% block content %}
<main id="main-content" class="grid-container {% if is_widescreen_mode %} grid-container--widescreen {% endif %}"> <main id="main-content" class="grid-container {% if is_widescreen_mode %} grid-container--widescreen{% endif %}">
<div class="grid-row grow-gap"> <div class="grid-row grow-gap">
<div class="tablet:grid-col-6 usa-prose margin-bottom-3"> <div class="tablet:grid-col-6 usa-prose margin-bottom-3">
<h1> <h1>

2
src/registrar/templates/404.html
View file

@ -5,7 +5,7 @@
{% block title %}{% translate "Page not found | " %}{% endblock %} {% block title %}{% translate "Page not found | " %}{% endblock %}
{% block content %} {% block content %}
<main id="main-content" class="grid-container {% if is_widescreen_mode %} grid-container--widescreen {% endif %}"> <main id="main-content" class="grid-container {% if is_widescreen_mode %} grid-container--widescreen{% endif %}">
<div class="grid-row grid-gap"> <div class="grid-row grid-gap">
<div class="tablet:grid-col-6 usa-prose margin-bottom-3"> <div class="tablet:grid-col-6 usa-prose margin-bottom-3">
<h1> <h1>

2
src/registrar/templates/500.html
View file

@ -5,7 +5,7 @@
{% block title %}{% translate "Server error | " %}{% endblock %} {% block title %}{% translate "Server error | " %}{% endblock %}
{% block content %} {% block content %}
<main id="main-content" class="grid-container {% if is_widescreen_mode %} grid-container--widescreen {% endif %}"> <main id="main-content" class="grid-container {% if is_widescreen_mode %} grid-container--widescreen{% endif %}">
<div class="grid-row grid-gap"> <div class="grid-row grid-gap">
<div class="tablet:grid-col-6 usa-prose margin-bottom-3"> <div class="tablet:grid-col-6 usa-prose margin-bottom-3">
<h1> <h1>

7
src/registrar/templates/django/admin/domain_change_form.html
View file

@ -1,6 +1,13 @@
{% extends 'admin/change_form.html' %} {% extends 'admin/change_form.html' %}
{% load i18n static %} {% load i18n static %}
{% block content %}
{% comment %} Stores the json endpoint in a url for easier access {% endcomment %}
{% url 'get-portfolio-json' as url %}
<input id="portfolio_json_url" class="display-none" value="{{url}}" />
{{ block.super }}
{% endblock content %}
{% block field_sets %} {% block field_sets %}
<div class="display-flex flex-row flex-justify submit-row"> <div class="display-flex flex-row flex-justify submit-row">
<div class="flex-align-self-start button-list-mobile"> <div class="flex-align-self-start button-list-mobile">

7
src/registrar/templates/django/admin/domain_information_change_form.html
View file

@ -1,6 +1,13 @@
{% extends 'admin/change_form.html' %} {% extends 'admin/change_form.html' %}
{% load i18n static %} {% load i18n static %}
{% block content %}
{% comment %} Stores the json endpoint in a url for easier access {% endcomment %}
{% url 'get-portfolio-json' as url %}
<input id="portfolio_json_url" class="display-none" value="{{url}}" />
{{ block.super }}
{% endblock content %}
{% block field_sets %} {% block field_sets %}
{% for fieldset in adminform %} {% for fieldset in adminform %}
{% comment %} {% comment %}

14
src/registrar/templates/django/forms/widgets/multiple_input.html
View file

@ -1,3 +1,5 @@
{% load static custom_filters %}
<div class="{{ uswds_input_class }}"> <div class="{{ uswds_input_class }}">
{% for group, options, index in widget.optgroups %} {% for group, options, index in widget.optgroups %}
{% if group %}<div><label>{{ group }}</label>{% endif %} {% if group %}<div><label>{{ group }}</label>{% endif %}
@ -13,7 +15,17 @@
<label <label
class="{{ uswds_input_class }}__label{% if label_classes %} {{ label_classes }}{% endif %}" class="{{ uswds_input_class }}__label{% if label_classes %} {{ label_classes }}{% endif %}"
for="{{ option.attrs.id }}" for="{{ option.attrs.id }}"
>{{ option.label }}</label> >
{{ option.label }}
{% comment %} Add a description on each, if available {% endcomment %}
{% if field and field.field and field.field.descriptions %}
{% with description=field.field.descriptions|get_dict_value:option.value %}
{% if description %}
<p class="margin-0 margin-top-1">{{ description }}</p>
{% endif %}
{% endwith %}
{% endif %}
</label>
{% endfor %} {% endfor %}
{% if group %}</div>{% endif %} {% if group %}</div>{% endif %}
{% endfor %} {% endfor %}

18
src/registrar/templates/domain_request_done.html
View file

@ -26,13 +26,17 @@
<h2>Next steps in this process</h2> <h2>Next steps in this process</h2>
<p> Well review your request. This review period can take 30 business days. Due to the volume of requests, the wait time is longer than usual. We appreciate your patience.</p> <p> Well review your request. This review period can take 30 business days. Due to the volume of requests, the wait time is longer than usual. We appreciate your patience.</p>
<p>During our review well verify that:</p> {% if has_organization_feature_flag %}
<ul class="usa-list"> <p>During our review, well verify that your requested domain meets our naming requirements.</p>
<li>Your organization is eligible for a .gov domain.</li> {% else %}
<li>You work at the organization and/or can make requests on its behalf.</li> <p>During our review, well verify that:</p>
<li>Your requested domain meets our naming requirements.</li> <ul class="usa-list">
</ul> <li>Your organization is eligible for a .gov domain.</li>
<li>You work at the organization and/or can make requests on its behalf.</li>
<li>Your requested domain meets our naming requirements.</li>
</ul>
{% endif %}
<p> Well email you if we have questions. Well also email you as soon as we complete our review. You can <a href="{% if portfolio %}{% url 'domain-requests' %}{% else %}{% url 'home' %}{% endif %}">check the status</a> <p> Well email you if we have questions. Well also email you as soon as we complete our review. You can <a href="{% if portfolio %}{% url 'domain-requests' %}{% else %}{% url 'home' %}{% endif %}">check the status</a>
of your request at any time on the registrar.</p> of your request at any time on the registrar.</p>

4
src/registrar/templates/emails/submission_confirmation.txt
View file

@ -12,12 +12,12 @@ STATUS: Submitted
NEXT STEPS NEXT STEPS
Well review your request. This review period can take 30 business days. Due to the volume of requests, the wait time is longer than usual. We appreciate your patience. Well review your request. This review period can take 30 business days. Due to the volume of requests, the wait time is longer than usual. We appreciate your patience.
During our review well verify that: During our review, well verify that:
- Your organization is eligible for a .gov domain - Your organization is eligible for a .gov domain
- You work at the organization and/or can make requests on its behalf - You work at the organization and/or can make requests on its behalf
- Your requested domain meets our naming requirements - Your requested domain meets our naming requirements
Well email you if we have questions. Well also email you as soon as we complete our review. You can check the status of your request at any time on the registrar homepage. <https://manage.get.gov> Well email you if we have questions. Well also email you as soon as we complete our review. You can check the status of your request at any time on the registrar. <https://manage.get.gov>
NEED TO MAKE CHANGES? NEED TO MAKE CHANGES?

2
src/registrar/templates/home.html
View file

@ -5,7 +5,7 @@
{% block title %} Home | {% endblock %} {% block title %} Home | {% endblock %}
{% block content %} {% block content %}
<main id="main-content" class="grid-container {% if is_widescreen_mode %} grid-container--widescreen {% endif %}"> <main id="main-content" class="grid-container {% if is_widescreen_mode %} grid-container--widescreen{% endif %}">
{% if user.is_authenticated %} {% if user.is_authenticated %}
{# the entire logged in page goes here #} {# the entire logged in page goes here #}

2
src/registrar/templates/includes/footer.html
View file

@ -3,7 +3,7 @@
<footer class="usa-footer"> <footer class="usa-footer">
<div class="usa-footer__secondary-section"> <div class="usa-footer__secondary-section">
<div class="grid-container {% if is_widescreen_mode %} grid-container--widescreen {% endif %}"> <div class="grid-container {% if is_widescreen_mode %} grid-container--widescreen{% endif %}">
<div class="grid-row grid-gap"> <div class="grid-row grid-gap">
<div <div
class=" class="

142
src/registrar/templates/includes/member_domains_edit_table.html Normal file
View file

@ -0,0 +1,142 @@
{% load static %}
{% if member %}
<span
id="portfolio-js-value"
class="display-none"
data-portfolio="{{ portfolio.id }}"
data-email=""
data-member-id="{{ member.id }}"
data-member-only="false"
></span>
{% else %}
<span
id="portfolio-js-value"
class="display-none"
data-portfolio="{{ portfolio.id }}"
data-email="{{ portfolio_invitation.email }}"
data-member-id=""
data-member-only="false"
></span>
{% endif %}
{% comment %} Stores the json endpoint in a url for easier access {% endcomment %}
{% url 'get_member_domains_json' as url %}
<span id="get_member_domains_json_url" class="display-none">{{url}}</span>
<section class="section-outlined member-domains margin-top-0 section-outlined--border-base-light" id="edit-member-domains">
<h2>
Edit domains assigned to
{% if member %}
{{ member.email }}
{% else %}
{{ portfolio_invitation.email }}
{% endif %}
</h2>
<div class="section-outlined__header margin-bottom-3 grid-row">
<!-- ---------- SEARCH ---------- -->
<div class="section-outlined__search mobile:grid-col-12 desktop:grid-col-9">
<section aria-label="Member domains search component" class="margin-top-2">
<form class="usa-search usa-search--show-label" method="POST" role="search">
{% csrf_token %}
<label class="usa-label display-block margin-bottom-05" for="edit-member-domains__search-field">
{% if has_edit_members_portfolio_permission %}
Search all domains
{% else %}
Search domains assigned to
{% if member %}
{{ member.email }}
{% else %}
{{ portfolio_invitation.email }}
{% endif %}
{% endif %}
</label>
<div class="usa-search--show-label__input-wrapper">
<button class="usa-button usa-button--unstyled margin-right-3 display-none" id="edit-member-domains__reset-search" type="button">
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
<use xlink:href="{%static 'img/sprite.svg'%}#close"></use>
</svg>
Reset
</button>
<input
class="usa-input"
id="edit-member-domains__search-field"
type="search"
name="member-domains-search"
/>
<button class="usa-button" type="submit" id="edit-member-domains__search-field-submit">
<span class="usa-search__submit-text">Search </span>
<img
src="{% static 'img/usa-icons-bg/search--white.svg' %}"
class="usa-search__submit-icon"
alt="Search"
/>
</button>
</div>
</form>
</section>
</div>
</div>
<!-- ---------- MAIN TABLE ---------- -->
<div class="display-none margin-top-0" id="edit-member-domains__table-wrapper">
<table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked">
<caption class="sr-only">member domains</caption>
<thead>
<tr>
<th data-sortable="checked" scope="col" role="columnheader" class="padding-right-105"><span class="sr-only">Assigned domains</span></th>
<!-- We override default sort to be name/ascending in the JSON endpoint. We add the correct aria-sort attribute here to reflect that in the UI -->
<th data-sortable="name" scope="col" role="columnheader" aria-sort="descending">Domains</th>
</tr>
</thead>
<tbody>
<!-- AJAX will populate this tbody -->
</tbody>
</table>
<div
class="usa-sr-only usa-table__announcement-region" id="edit-member-domains__usa-table__announcement-region"
aria-live="polite"
></div>
</div>
<div class="display-none" id="edit-member-domains__no-data">
<p>This member does not manage any domains. Click the Edit domain assignments buttons to assign domains.</p>
</div>
<div class="display-none" id="edit-member-domains__no-search-results">
<p>No results found</p>
</div>
</section>
<nav aria-label="Pagination" class="usa-pagination flex-justify" id="edit-member-domains-pagination">
<span class="usa-pagination__counter text-base-dark padding-left-2 margin-bottom-1">
<!-- Count will be dynamically populated by JS -->
</span>
<ul class="usa-pagination__list">
<!-- Pagination links will be dynamically populated by JS -->
</ul>
</nav>
<a
id="hidden-cancel-edit-domain-assignments-modal-trigger"
href="#cancel-edit-domain-assignments-modal"
class="usa-button usa-button--outline margin-top-1 display-none"
aria-controls="cancel-edit-domain-assignments-modal"
data-open-modal
></a
>
<div
class="usa-modal"
id="cancel-edit-domain-assignments-modal"
aria-labelledby="Are you sure you want to continue?"
aria-describedby="You have unsaved changes that will be lost."
>
{% if portfolio_permission %}
{% url 'member-domains' pk=portfolio_permission.id as url %}
{% else %}
{% url 'invitedmember-domains' pk=portfolio_invitation.id as url %}
{% endif %}
{% include 'includes/modal.html' with modal_heading="Are you sure you want to continue?" modal_description="You have unsaved changes that will be lost." modal_button_url=url modal_button_text="Continue without saving" %}
</div>

16
src/registrar/templates/includes/member_domains_table.html
View file

@ -36,20 +36,16 @@
<div class="section-outlined__header margin-bottom-3 grid-row"> <div class="section-outlined__header margin-bottom-3 grid-row">
<!-- ---------- SEARCH ---------- --> <!-- ---------- SEARCH ---------- -->
<div class="section-outlined__search mobile:grid-col-12 desktop:grid-col-6"> <div class="section-outlined__search mobile:grid-col-12 desktop:grid-col-9">
<section aria-label="Members search component" class="margin-top-2"> <section aria-label="Member domains search component" class="margin-top-2">
<form class="usa-search usa-search--show-label" method="POST" role="search"> <form class="usa-search usa-search--show-label" method="POST" role="search">
{% csrf_token %} {% csrf_token %}
<label class="usa-label display-block margin-bottom-05" for="member-domains__search-field"> <label class="usa-label display-block margin-bottom-05" for="member-domains__search-field">
{% if has_edit_members_portfolio_permission %} Search domains assigned to
Search all domains {% if member %}
{{ member.email }}
{% else %} {% else %}
Search domains assigned to {{ portfolio_invitation.email }}
{% if member %}
{{ member.email }}
{% else %}
{{ portfolio_invitation.email }}
{% endif %}
{% endif %} {% endif %}
</label> </label>
<div class="usa-search--show-label__input-wrapper"> <div class="usa-search--show-label__input-wrapper">

18
src/registrar/templates/includes/modal.html
View file

@ -23,18 +23,24 @@
<div class="usa-modal__footer"> <div class="usa-modal__footer">
<ul class="usa-button-group"> <ul class="usa-button-group">
{% if not_form %}
<li class="usa-button-group__item"> <li class="usa-button-group__item">
{% if not_form and modal_button %}
{{ modal_button }} {{ modal_button }}
</li> {% elif modal_button_url and modal_button_text %}
{% else %} <a
<li class="usa-button-group__item"> href="{{ modal_button_url }}"
type="button"
class="usa-button"
>
{{ modal_button_text }}
</a>
{% else %}
<form method="post"> <form method="post">
{% csrf_token %} {% csrf_token %}
{{ modal_button }} {{ modal_button }}
</form> </form>
</li> {% endif %}
{% endif %} </li>
<li class="usa-button-group__item"> <li class="usa-button-group__item">
{% comment %} The cancel button the DS form actually triggers a context change in the view, {% comment %} The cancel button the DS form actually triggers a context change in the view,
in addition to being a close modal hook {% endcomment %} in addition to being a close modal hook {% endcomment %}

2
src/registrar/templates/portfolio_base.html
View file

@ -4,7 +4,7 @@
<div id="wrapper" class="{% block wrapper_class %}wrapper--padding-top-6{% endblock %}"> <div id="wrapper" class="{% block wrapper_class %}wrapper--padding-top-6{% endblock %}">
{% block content %} {% block content %}
<main class="grid-container {% if is_widescreen_mode %} grid-container--widescreen {% endif %}"> <main class="grid-container {% if is_widescreen_mode %} grid-container--widescreen{% endif %}">
{% if user.is_authenticated %} {% if user.is_authenticated %}
{# the entire logged in page goes here #} {# the entire logged in page goes here #}

6
src/registrar/templates/portfolio_member_domains.html
View file

@ -11,8 +11,10 @@
{% url 'members' as url %} {% url 'members' as url %}
{% if portfolio_permission %} {% if portfolio_permission %}
{% url 'member' pk=portfolio_permission.id as url2 %} {% url 'member' pk=portfolio_permission.id as url2 %}
{% url 'member-domains-edit' pk=portfolio_permission.id as url3 %}
{% else %} {% else %}
{% url 'invitedmember' pk=portfolio_invitation.id as url2 %} {% url 'invitedmember' pk=portfolio_invitation.id as url2 %}
{% url 'invitedmember-domains-edit' pk=portfolio_invitation.id as url3 %}
{% endif %} {% endif %}
<nav class="usa-breadcrumb padding-top-0 margin-bottom-3" aria-label="Portfolio member breadcrumb"> <nav class="usa-breadcrumb padding-top-0 margin-bottom-3" aria-label="Portfolio member breadcrumb">
<ol class="usa-breadcrumb__list"> <ol class="usa-breadcrumb__list">
@ -23,7 +25,7 @@
<a href="{{ url2 }}" class="usa-breadcrumb__link"><span>Manage member</span></a> <a href="{{ url2 }}" class="usa-breadcrumb__link"><span>Manage member</span></a>
</li> </li>
<li class="usa-breadcrumb__list-item usa-current" aria-current="page"> <li class="usa-breadcrumb__list-item usa-current" aria-current="page">
<span>Manage member</span> <span>Domain assignments</span>
</li> </li>
</ol> </ol>
</nav> </nav>
@ -35,7 +37,7 @@
{% if has_edit_members_portfolio_permission %} {% if has_edit_members_portfolio_permission %}
<div class="mobile:grid-col-12 tablet:grid-col-5"> <div class="mobile:grid-col-12 tablet:grid-col-5">
<p class="float-right-tablet tablet:margin-y-0"> <p class="float-right-tablet tablet:margin-y-0">
<a href="#" class="usa-button" <a href="{{ url3 }}" class="usa-button"
> >
Edit domain assignments Edit domain assignments
</a> </a>

69
src/registrar/templates/portfolio_member_domains_edit.html Normal file
View file

@ -0,0 +1,69 @@
{% extends 'portfolio_base.html' %}
{% load static field_helpers%}
{% block title %}Edit organization member domains {% endblock %}
{% load static %}
{% block portfolio_content %}
<div id="main-content">
{% url 'members' as url %}
{% if portfolio_permission %}
{% url 'member' pk=portfolio_permission.id as url2 %}
{% url 'member-domains' pk=portfolio_permission.id as url3 %}
{% else %}
{% url 'invitedmember' pk=portfolio_invitation.id as url2 %}
{% url 'invitedmember-domains' pk=portfolio_invitation.id as url3 %}
{% endif %}
<nav class="usa-breadcrumb padding-top-0 margin-bottom-3" aria-label="Portfolio member breadcrumb">
<ol class="usa-breadcrumb__list">
<li class="usa-breadcrumb__list-item">
<a href="{{ url }}" class="usa-breadcrumb__link"><span>Members</span></a>
</li>
<li class="usa-breadcrumb__list-item">
<a href="{{ url2 }}" class="usa-breadcrumb__link"><span>Manage member</span></a>
</li>
<li class="usa-breadcrumb__list-item">
<a href="{{ url3 }}" class="usa-breadcrumb__link"><span>Domain assignments</span></a>
</li>
<li class="usa-breadcrumb__list-item usa-current edit-domain-assignments-breadcrumb" aria-current="page">
<span>Edit domain assignments</span>
</li>
</ol>
</nav>
<h1 class="margin-bottom-3">Edit domain assignments</h1>
<p class="margin-bottom-0">
A domain manager can be assigned to any domain across the organization. Domain managers can change domain information, adjust DNS settings, and invite or assign other domain managers to their assigned domains.
</p>
<p>
When you save this form the member will get an email to notify them of any changes.
</p>
{% include "includes/member_domains_edit_table.html" %}
<ul class="usa-button-group">
<li class="usa-button-group__item">
<button
id="cancel-edit-domain-assignments"
type="button"
class="usa-button usa-button--outline"
>
Cancel
</button>
</li>
<li class="usa-button-group__item">
<button
type="button"
class="usa-button"
>
Review
</button>
</li>
</ul>
</div>
{% endblock %}

152
src/registrar/templates/portfolio_member_permissions.html
View file

@ -1,42 +1,132 @@
{% extends 'portfolio_base.html' %} {% extends 'portfolio_base.html' %}
{% load static field_helpers%} {% load static url_helpers %}
{% load field_helpers %}
{% block title %}Organization member {% endblock %} {% block title %}Organization member{% endblock %}
{% load static %} {% block wrapper_class %}
{{ block.super }} dashboard--grey-1
{% endblock %}
{% block portfolio_content %} {% block portfolio_content %}
<div class="grid-row grid-gap"> {% include "includes/form_errors.html" with form=form %}
<div class="tablet:grid-col-9" id="main-content">
{% block messages %} <!-- Navigation breadcrumbs -->
{% include "includes/form_messages.html" %} <nav class="usa-breadcrumb padding-top-0" aria-label="Domain request breadcrumb">
{% endblock %} <ol class="usa-breadcrumb__list">
<li class="usa-breadcrumb__list-item">
<a href="{% url 'members' %}" class="usa-breadcrumb__link"><span>Members</span></a>
</li>
<li class="usa-breadcrumb__list-item">
{% if member %}
{% url 'member' pk=member.pk as back_url %}
{% elif invitation %}
{% url 'invitedmember' pk=invitation.pk as back_url %}
{% endif %}
<a href="{{ back_url }}" class="usa-breadcrumb__link"><span>Manage member</span></a>
</li>
{% comment %} Manage members {% endcomment %}
<li class="usa-breadcrumb__list-item usa-current" aria-current="page">
<span>Member access and permissions</span>
</li>
</ol>
</nav>
<h1>Manage member</h1> <!-- Page header -->
<h1>Member access and permissions</h1>
<p>
{% if member %}
{{ member.email }}
{% elif invitation %}
{{ invitation.email }}
{% endif %}
</p>
<hr> {% include "includes/required_fields.html" with remove_margin_top=True %}
<form class="usa-form usa-form--large" method="post" novalidate> <form class="usa-form usa-form--large" method="post" id="member_form" novalidate>
{% csrf_token %} {% csrf_token %}
{% input_with_errors form.roles %} <fieldset class="usa-fieldset">
{% input_with_errors form.additional_permissions %} <legend>
<button {% if member and member.email or invitation and invitation.email %}
type="submit" <h2 class="margin-top-1">Member email</h2>
class="usa-button" {% else %}
>Submit</button> <h2 class="margin-top-1">Member</h2>
</form> {% endif %}
</legend>
<p class="margin-top-0">
{% comment %}
Show member email if possible, then invitation email.
If neither of these are true, show the name or as a last resort just "None".
{% endcomment %}
{% if member %}
{% if member.email %}
{{ member.email }}
{% else %}
{{ member.get_formatted_name }}
{% endif %}
{% elif invitation %}
{% if invitation.email %}
{{ invitation.email }}
{% else %}
None
{% endif %}
{% endif %}
</p>
<!-- Member email -->
</fieldset>
<!-- Member access radio buttons (Toggles other sections) -->
<fieldset class="usa-fieldset">
<legend>
<h2 class="margin-top-0">Member Access</h2>
</legend>
</div> <em>Select the level of access for this member. <abbr class="usa-hint usa-hint--required" title="required">*</abbr></em>
</div>
{% endblock %} {% with add_class="usa-radio__input--tile" add_legend_class="usa-sr-only" %}
{% input_with_errors form.role %}
{% endwith %}
</fieldset>
<!-- Admin access form -->
<div id="member-admin-permissions" class="margin-top-2">
<h2>Admin access permissions</h2>
<p>Member permissions available for admin-level acccess.</p>
<h3 class="summary-item__title
text-primary-dark
margin-bottom-0">Organization domain requests</h3>
{% with group_classes="usa-form-editable usa-form-editable--no-border padding-top-0" %}
{% input_with_errors form.domain_request_permission_admin %}
{% endwith %}
<h3 class="summary-item__title
text-primary-dark
margin-bottom-0
margin-top-3">Organization members</h3>
{% with group_classes="usa-form-editable usa-form-editable--no-border padding-top-0" %}
{% input_with_errors form.member_permission_admin %}
{% endwith %}
</div>
<!-- Basic access form -->
<div id="member-basic-permissions" class="margin-top-2">
<h2>Basic member permissions</h2>
<p>Member permissions available for basic-level acccess.</p>
<h3 class="margin-bottom-0 summary-item__title text-primary-dark">Organization domain requests</h3>
{% with group_classes="usa-form-editable usa-form-editable--no-border padding-top-0" %}
{% input_with_errors form.domain_request_permission_member %}
{% endwith %}
</div>
<!-- Submit/cancel buttons -->
<div class="margin-top-3">
<a
type="button"
href="{{ back_url }}"
class="usa-button usa-button--outline"
name="btn-cancel-click"
aria-label="Cancel editing member"
>
Cancel
</a>
<button type="submit" class="usa-button">Update Member</button>
</div>
</form>
{% endblock portfolio_content%}

6
src/registrar/templates/portfolio_no_domains.html
View file

@ -5,12 +5,6 @@
{% block title %} Domains | {% endblock %} {% block title %} Domains | {% endblock %}
{% block portfolio_content %} {% block portfolio_content %}
{% block messages %}
{% include "includes/form_messages.html" %}
{% endblock %}
<div id="main-content"> <div id="main-content">
<h1 id="domains-header">Domains</h1> <h1 id="domains-header">Domains</h1>
<section class="section-outlined"> <section class="section-outlined">

8
src/registrar/templatetags/custom_filters.py
View file

@ -282,3 +282,11 @@ def display_requesting_entity(domain_request):
) )
return display return display
@register.filter
def get_dict_value(dictionary, key):
"""Get a value from a dictionary. Returns a string on empty."""
if isinstance(dictionary, dict):
return dictionary.get(key, "")
return ""

42
src/registrar/tests/common.py
View file

@ -1232,6 +1232,7 @@ class MockEppLib(TestCase):
common.Status(state="serverTransferProhibited", description="", lang="en"), common.Status(state="serverTransferProhibited", description="", lang="en"),
common.Status(state="inactive", description="", lang="en"), common.Status(state="inactive", description="", lang="en"),
], ],
registrant="regContact",
ex_date=date(2023, 5, 25), ex_date=date(2023, 5, 25),
) )
@ -1394,6 +1395,15 @@ class MockEppLib(TestCase):
hosts=["fake.host.com"], hosts=["fake.host.com"],
) )
infoDomainSharedHost = fakedEppObject(
"sharedHost.gov",
cr_date=make_aware(datetime(2023, 5, 25, 19, 45, 35)),
contacts=[],
hosts=[
"ns1.sharedhost.com",
],
)
infoDomainThreeHosts = fakedEppObject( infoDomainThreeHosts = fakedEppObject(
"my-nameserver.gov", "my-nameserver.gov",
cr_date=make_aware(datetime(2023, 5, 25, 19, 45, 35)), cr_date=make_aware(datetime(2023, 5, 25, 19, 45, 35)),
@ -1604,6 +1614,8 @@ class MockEppLib(TestCase):
return self.mockInfoContactCommands(_request, cleaned) return self.mockInfoContactCommands(_request, cleaned)
case commands.CreateContact: case commands.CreateContact:
return self.mockCreateContactCommands(_request, cleaned) return self.mockCreateContactCommands(_request, cleaned)
case commands.DeleteContact:
return self.mockDeleteContactCommands(_request, cleaned)
case commands.UpdateDomain: case commands.UpdateDomain:
return self.mockUpdateDomainCommands(_request, cleaned) return self.mockUpdateDomainCommands(_request, cleaned)
case commands.CreateHost: case commands.CreateHost:
@ -1611,10 +1623,7 @@ class MockEppLib(TestCase):
case commands.UpdateHost: case commands.UpdateHost:
return self.mockUpdateHostCommands(_request, cleaned) return self.mockUpdateHostCommands(_request, cleaned)
case commands.DeleteHost: case commands.DeleteHost:
return MagicMock( return self.mockDeleteHostCommands(_request, cleaned)
res_data=[self.mockDataHostChange],
code=ErrorCode.COMMAND_COMPLETED_SUCCESSFULLY,
)
case commands.CheckDomain: case commands.CheckDomain:
return self.mockCheckDomainCommand(_request, cleaned) return self.mockCheckDomainCommand(_request, cleaned)
case commands.DeleteDomain: case commands.DeleteDomain:
@ -1667,6 +1676,15 @@ class MockEppLib(TestCase):
code=ErrorCode.COMMAND_COMPLETED_SUCCESSFULLY, code=ErrorCode.COMMAND_COMPLETED_SUCCESSFULLY,
) )
def mockDeleteHostCommands(self, _request, cleaned):
host = getattr(_request, "name", None)
if "sharedhost.com" in host:
raise RegistryError(code=ErrorCode.OBJECT_ASSOCIATION_PROHIBITS_OPERATION, note="ns1.sharedhost.com")
return MagicMock(
res_data=[self.mockDataHostChange],
code=ErrorCode.COMMAND_COMPLETED_SUCCESSFULLY,
)
def mockUpdateDomainCommands(self, _request, cleaned): def mockUpdateDomainCommands(self, _request, cleaned):
if getattr(_request, "name", None) == "dnssec-invalid.gov": if getattr(_request, "name", None) == "dnssec-invalid.gov":
raise RegistryError(code=ErrorCode.PARAMETER_VALUE_RANGE_ERROR) raise RegistryError(code=ErrorCode.PARAMETER_VALUE_RANGE_ERROR)
@ -1678,10 +1696,7 @@ class MockEppLib(TestCase):
def mockDeleteDomainCommands(self, _request, cleaned): def mockDeleteDomainCommands(self, _request, cleaned):
if getattr(_request, "name", None) == "failDelete.gov": if getattr(_request, "name", None) == "failDelete.gov":
name = getattr(_request, "name", None) raise RegistryError(code=ErrorCode.OBJECT_ASSOCIATION_PROHIBITS_OPERATION)
fake_nameserver = "ns1.failDelete.gov"
if name in fake_nameserver:
raise RegistryError(code=ErrorCode.OBJECT_ASSOCIATION_PROHIBITS_OPERATION)
return None return None
def mockRenewDomainCommand(self, _request, cleaned): def mockRenewDomainCommand(self, _request, cleaned):
@ -1721,6 +1736,7 @@ class MockEppLib(TestCase):
# Define a dictionary to map request names to data and extension values # Define a dictionary to map request names to data and extension values
request_mappings = { request_mappings = {
"fake.gov": (self.mockDataInfoDomain, None),
"security.gov": (self.infoDomainNoContact, None), "security.gov": (self.infoDomainNoContact, None),
"dnssec-dsdata.gov": ( "dnssec-dsdata.gov": (
self.mockDataInfoDomain, self.mockDataInfoDomain,
@ -1751,6 +1767,7 @@ class MockEppLib(TestCase):
"subdomainwoip.gov": (self.mockDataInfoDomainSubdomainNoIP, None), "subdomainwoip.gov": (self.mockDataInfoDomainSubdomainNoIP, None),
"ddomain3.gov": (self.InfoDomainWithContacts, None), "ddomain3.gov": (self.InfoDomainWithContacts, None),
"igorville.gov": (self.InfoDomainWithContacts, None), "igorville.gov": (self.InfoDomainWithContacts, None),
"sharingiscaring.gov": (self.infoDomainSharedHost, None),
} }
# Retrieve the corresponding values from the dictionary # Retrieve the corresponding values from the dictionary
@ -1801,6 +1818,15 @@ class MockEppLib(TestCase):
raise ContactError(code=ContactErrorCodes.CONTACT_TYPE_NONE) raise ContactError(code=ContactErrorCodes.CONTACT_TYPE_NONE)
return MagicMock(res_data=[self.mockDataInfoHosts]) return MagicMock(res_data=[self.mockDataInfoHosts])
def mockDeleteContactCommands(self, _request, cleaned):
if getattr(_request, "id", None) == "fail":
raise RegistryError(code=ErrorCode.OBJECT_EXISTS)
else:
return MagicMock(
res_data=[self.mockDataInfoContact],
code=ErrorCode.COMMAND_COMPLETED_SUCCESSFULLY,
)
def setUp(self): def setUp(self):
"""mock epp send function as this will fail locally""" """mock epp send function as this will fail locally"""
self.mockSendPatch = patch("registrar.models.domain.registry.send") self.mockSendPatch = patch("registrar.models.domain.registry.send")

15
src/registrar/tests/test_admin.py
View file

@ -853,9 +853,9 @@ class TestDomainInformationAdmin(TestCase):
self.test_helper.assert_response_contains_distinct_values(response, expected_other_employees_fields) self.test_helper.assert_response_contains_distinct_values(response, expected_other_employees_fields)
# Test for the copy link # Test for the copy link
# We expect 3 in the form + 2 from the js module copy-to-clipboard.js # We expect 4 in the form + 2 from the js module copy-to-clipboard.js
# that gets pulled in the test in django.contrib.staticfiles.finders.FileSystemFinder # that gets pulled in the test in django.contrib.staticfiles.finders.FileSystemFinder
self.assertContains(response, "copy-to-clipboard", count=5) self.assertContains(response, "copy-to-clipboard", count=6)
# cleanup this test # cleanup this test
domain_info.delete() domain_info.delete()
@ -871,6 +871,17 @@ class TestDomainInformationAdmin(TestCase):
readonly_fields = self.admin.get_readonly_fields(request) readonly_fields = self.admin.get_readonly_fields(request)
expected_fields = [ expected_fields = [
"portfolio_senior_official",
"portfolio_organization_type",
"portfolio_federal_type",
"portfolio_organization_name",
"portfolio_federal_agency",
"portfolio_state_territory",
"portfolio_address_line1",
"portfolio_address_line2",
"portfolio_city",
"portfolio_zipcode",
"portfolio_urbanization",
"other_contacts", "other_contacts",
"is_election_board", "is_election_board",
"federal_agency", "federal_agency",

53
src/registrar/tests/test_admin_domain.py
View file

@ -16,6 +16,7 @@ from registrar.models import (
Host, Host,
Portfolio, Portfolio,
) )
from registrar.models.public_contact import PublicContact
from registrar.models.user_domain_role import UserDomainRole from registrar.models.user_domain_role import UserDomainRole
from .common import ( from .common import (
MockSESClient, MockSESClient,
@ -59,6 +60,7 @@ class TestDomainAdminAsStaff(MockEppLib):
def tearDown(self): def tearDown(self):
super().tearDown() super().tearDown()
Host.objects.all().delete() Host.objects.all().delete()
PublicContact.objects.all().delete()
Domain.objects.all().delete() Domain.objects.all().delete()
DomainInformation.objects.all().delete() DomainInformation.objects.all().delete()
DomainRequest.objects.all().delete() DomainRequest.objects.all().delete()
@ -170,7 +172,7 @@ class TestDomainAdminAsStaff(MockEppLib):
@less_console_noise_decorator @less_console_noise_decorator
def test_deletion_is_successful(self): def test_deletion_is_successful(self):
""" """
Scenario: Domain deletion is unsuccessful Scenario: Domain deletion is successful
When the domain is deleted When the domain is deleted
Then a user-friendly success message is returned for displaying on the web Then a user-friendly success message is returned for displaying on the web
And `state` is set to `DELETED` And `state` is set to `DELETED`
@ -221,6 +223,55 @@ class TestDomainAdminAsStaff(MockEppLib):
self.assertEqual(domain.state, Domain.State.DELETED) self.assertEqual(domain.state, Domain.State.DELETED)
# @less_console_noise_decorator
def test_deletion_is_unsuccessful(self):
"""
Scenario: Domain deletion is unsuccessful
When the domain is deleted and has shared subdomains
Then a user-friendly success message is returned for displaying on the web
And `state` is not set to `DELETED`
"""
domain, _ = Domain.objects.get_or_create(name="sharingiscaring.gov", state=Domain.State.ON_HOLD)
# Put in client hold
domain.place_client_hold()
# Ensure everything is displaying correctly
response = self.client.get(
"/admin/registrar/domain/{}/change/".format(domain.pk),
follow=True,
)
self.assertEqual(response.status_code, 200)
self.assertContains(response, domain.name)
self.assertContains(response, "Remove from registry")
# The contents of the modal should exist before and after the post.
# Check for the header
self.assertContains(response, "Are you sure you want to remove this domain from the registry?")
# Check for some of its body
self.assertContains(response, "When a domain is removed from the registry:")
# Check for some of the button content
self.assertContains(response, "Yes, remove from registry")
# Test the info dialog
request = self.factory.post(
"/admin/registrar/domain/{}/change/".format(domain.pk),
{"_delete_domain": "Remove from registry", "name": domain.name},
follow=True,
)
request.user = self.client
with patch("django.contrib.messages.add_message") as mock_add_message:
self.admin.do_delete_domain(request, domain)
mock_add_message.assert_called_once_with(
request,
messages.ERROR,
"Error deleting this Domain: This subdomain is being used as a hostname on another domain: ns1.sharedhost.com", # noqa
extra_tags="",
fail_silently=False,
)
self.assertEqual(domain.state, Domain.State.ON_HOLD)
@less_console_noise_decorator @less_console_noise_decorator
def test_deletion_ready_fsm_failure(self): def test_deletion_ready_fsm_failure(self):
""" """

239
src/registrar/tests/test_models_domain.py
View file

@ -9,6 +9,7 @@ from django.db.utils import IntegrityError
from unittest.mock import MagicMock, patch, call from unittest.mock import MagicMock, patch, call
import datetime import datetime
from django.utils.timezone import make_aware from django.utils.timezone import make_aware
from api.tests.common import less_console_noise_decorator
from registrar.models import Domain, Host, HostIP from registrar.models import Domain, Host, HostIP
from unittest import skip from unittest import skip
@ -1454,6 +1455,7 @@ class TestRegistrantNameservers(MockEppLib):
), ),
call(commands.DeleteHost(name="ns1.cats-are-superior3.com"), cleaned=True), call(commands.DeleteHost(name="ns1.cats-are-superior3.com"), cleaned=True),
] ]
self.mockedSendFunction.assert_has_calls(expectedCalls, any_order=True) self.mockedSendFunction.assert_has_calls(expectedCalls, any_order=True)
self.assertFalse(self.domainWithThreeNS.is_active()) self.assertFalse(self.domainWithThreeNS.is_active())
@ -2582,12 +2584,32 @@ class TestAnalystDelete(MockEppLib):
""" """
super().setUp() super().setUp()
self.domain, _ = Domain.objects.get_or_create(name="fake.gov", state=Domain.State.READY) self.domain, _ = Domain.objects.get_or_create(name="fake.gov", state=Domain.State.READY)
self.domain_with_contacts, _ = Domain.objects.get_or_create(name="freeman.gov", state=Domain.State.READY)
self.domain_on_hold, _ = Domain.objects.get_or_create(name="fake-on-hold.gov", state=Domain.State.ON_HOLD) self.domain_on_hold, _ = Domain.objects.get_or_create(name="fake-on-hold.gov", state=Domain.State.ON_HOLD)
Host.objects.create(name="ns1.sharingiscaring.gov", domain=self.domain_on_hold)
PublicContact.objects.create(
registry_id="regContact",
contact_type=PublicContact.ContactTypeChoices.REGISTRANT,
domain=self.domain_with_contacts,
)
PublicContact.objects.create(
registry_id="adminContact",
contact_type=PublicContact.ContactTypeChoices.ADMINISTRATIVE,
domain=self.domain_with_contacts,
)
PublicContact.objects.create(
registry_id="techContact",
contact_type=PublicContact.ContactTypeChoices.TECHNICAL,
domain=self.domain_with_contacts,
)
def tearDown(self): def tearDown(self):
Host.objects.all().delete()
PublicContact.objects.all().delete()
Domain.objects.all().delete() Domain.objects.all().delete()
super().tearDown() super().tearDown()
@less_console_noise_decorator
def test_analyst_deletes_domain(self): def test_analyst_deletes_domain(self):
""" """
Scenario: Analyst permanently deletes a domain Scenario: Analyst permanently deletes a domain
@ -2597,59 +2619,163 @@ class TestAnalystDelete(MockEppLib):
The deleted date is set. The deleted date is set.
""" """
with less_console_noise(): # Put the domain in client hold
# Put the domain in client hold self.domain.place_client_hold()
self.domain.place_client_hold() # Delete it...
# Delete it... self.domain.deletedInEpp()
self.domain.deletedInEpp() self.domain.save()
self.domain.save() self.mockedSendFunction.assert_has_calls(
self.mockedSendFunction.assert_has_calls( [
[ call(
call( commands.DeleteDomain(name="fake.gov"),
commands.DeleteDomain(name="fake.gov"), cleaned=True,
cleaned=True, )
) ]
] )
) # Domain itself should not be deleted
# Domain itself should not be deleted self.assertNotEqual(self.domain, None)
self.assertNotEqual(self.domain, None) # Domain should have the right state
# Domain should have the right state self.assertEqual(self.domain.state, Domain.State.DELETED)
self.assertEqual(self.domain.state, Domain.State.DELETED) # Domain should have a deleted
# Domain should have a deleted self.assertNotEqual(self.domain.deleted, None)
self.assertNotEqual(self.domain.deleted, None) # Cache should be invalidated
# Cache should be invalidated self.assertEqual(self.domain._cache, {})
self.assertEqual(self.domain._cache, {})
@less_console_noise_decorator
def test_deletion_is_unsuccessful(self): def test_deletion_is_unsuccessful(self):
""" """
Scenario: Domain deletion is unsuccessful Scenario: Domain deletion is unsuccessful
When a subdomain exists When a subdomain exists that is in use by another domain
Then a client error is returned of code 2305 Then a client error is returned of code 2305
And `state` is not set to `DELETED` And `state` is not set to `DELETED`
""" """
with less_console_noise(): # Desired domain
# Desired domain domain, _ = Domain.objects.get_or_create(name="sharingiscaring.gov", state=Domain.State.ON_HOLD)
domain, _ = Domain.objects.get_or_create(name="failDelete.gov", state=Domain.State.ON_HOLD) # Put the domain in client hold
# Put the domain in client hold domain.place_client_hold()
domain.place_client_hold() # Delete it
# Delete it with self.assertRaises(RegistryError) as err:
with self.assertRaises(RegistryError) as err: domain.deletedInEpp()
domain.deletedInEpp() domain.save()
domain.save()
self.assertTrue(err.is_client_error() and err.code == ErrorCode.OBJECT_ASSOCIATION_PROHIBITS_OPERATION)
self.mockedSendFunction.assert_has_calls(
[
call(
commands.DeleteDomain(name="failDelete.gov"),
cleaned=True,
)
]
)
# Domain itself should not be deleted
self.assertNotEqual(domain, None)
# State should not have changed
self.assertEqual(domain.state, Domain.State.ON_HOLD)
self.assertTrue(err.code == ErrorCode.OBJECT_ASSOCIATION_PROHIBITS_OPERATION)
self.assertEqual(err.msg, "Host ns1.sharingiscaring.gov is in use by: fake-on-hold.gov")
# Domain itself should not be deleted
self.assertNotEqual(domain, None)
# State should not have changed
self.assertEqual(domain.state, Domain.State.ON_HOLD)
@less_console_noise_decorator
def test_deletion_with_host_and_contacts(self):
"""
Scenario: Domain with related Host and Contacts is Deleted
When a contact and host exists that is tied to this domain
Then all the needed commands are sent to the registry
And `state` is set to `DELETED`
"""
# Put the domain in client hold
self.domain_with_contacts.place_client_hold()
# Delete it
self.domain_with_contacts.deletedInEpp()
self.domain_with_contacts.save()
# Check that the host and contacts are deleted
self.mockedSendFunction.assert_has_calls(
[
call(
commands.UpdateDomain(
name="freeman.gov",
add=[common.Status(state=Domain.Status.CLIENT_HOLD, description="", lang="en")],
rem=[],
nsset=None,
keyset=None,
registrant=None,
auth_info=None,
),
cleaned=True,
),
]
)
self.mockedSendFunction.assert_has_calls(
[
call(
commands.InfoDomain(name="freeman.gov", auth_info=None),
cleaned=True,
),
call(
commands.InfoHost(name="fake.host.com"),
cleaned=True,
),
call(
commands.UpdateDomain(
name="freeman.gov",
add=[],
rem=[common.HostObjSet(hosts=["fake.host.com"])],
nsset=None,
keyset=None,
registrant=None,
auth_info=None,
),
cleaned=True,
),
]
)
self.mockedSendFunction.assert_has_calls(
[
call(
commands.DeleteHost(name="fake.host.com"),
cleaned=True,
),
call(
commands.UpdateDomain(
name="freeman.gov",
add=[],
rem=[common.DomainContact(contact="adminContact", type="admin")],
nsset=None,
keyset=None,
registrant=None,
auth_info=None,
),
cleaned=True,
),
call(
commands.DeleteContact(id="adminContact"),
cleaned=True,
),
call(
commands.UpdateDomain(
name="freeman.gov",
add=[],
rem=[common.DomainContact(contact="techContact", type="tech")],
nsset=None,
keyset=None,
registrant=None,
auth_info=None,
),
cleaned=True,
),
call(
commands.DeleteContact(id="techContact"),
cleaned=True,
),
],
any_order=True,
)
self.mockedSendFunction.assert_has_calls(
[
call(
commands.DeleteDomain(name="freeman.gov"),
cleaned=True,
),
],
)
# Domain itself should not be deleted
self.assertNotEqual(self.domain_with_contacts, None)
# State should have changed
self.assertEqual(self.domain_with_contacts.state, Domain.State.DELETED)
@less_console_noise_decorator
def test_deletion_ready_fsm_failure(self): def test_deletion_ready_fsm_failure(self):
""" """
Scenario: Domain deletion is unsuccessful due to FSM rules Scenario: Domain deletion is unsuccessful due to FSM rules
@ -2661,15 +2787,14 @@ class TestAnalystDelete(MockEppLib):
The deleted date is still null. The deleted date is still null.
""" """
with less_console_noise(): self.assertEqual(self.domain.state, Domain.State.READY)
self.assertEqual(self.domain.state, Domain.State.READY) with self.assertRaises(TransitionNotAllowed) as err:
with self.assertRaises(TransitionNotAllowed) as err: self.domain.deletedInEpp()
self.domain.deletedInEpp() self.domain.save()
self.domain.save() self.assertTrue(err.is_client_error() and err.code == ErrorCode.OBJECT_STATUS_PROHIBITS_OPERATION)
self.assertTrue(err.is_client_error() and err.code == ErrorCode.OBJECT_STATUS_PROHIBITS_OPERATION) # Domain should not be deleted
# Domain should not be deleted self.assertNotEqual(self.domain, None)
self.assertNotEqual(self.domain, None) # Domain should have the right state
# Domain should have the right state self.assertEqual(self.domain.state, Domain.State.READY)
self.assertEqual(self.domain.state, Domain.State.READY) # deleted should be null
# deleted should be null self.assertEqual(self.domain.deleted, None)
self.assertEqual(self.domain.deleted, None)

231
src/registrar/tests/test_views_member_domains_json.py
View file

@ -58,10 +58,13 @@ class GetPortfolioMemberDomainsJsonTest(TestWithUser, WebTest):
cls.domain1 = Domain.objects.create(name="example1.com", expiration_date="2024-03-01", state="ready") cls.domain1 = Domain.objects.create(name="example1.com", expiration_date="2024-03-01", state="ready")
cls.domain2 = Domain.objects.create(name="example2.com", expiration_date="2024-03-01", state="ready") cls.domain2 = Domain.objects.create(name="example2.com", expiration_date="2024-03-01", state="ready")
cls.domain3 = Domain.objects.create(name="example3.com", expiration_date="2024-03-01", state="ready") cls.domain3 = Domain.objects.create(name="example3.com", expiration_date="2024-03-01", state="ready")
cls.domain4 = Domain.objects.create(name="example4.com", expiration_date="2024-03-01", state="ready")
# Add domain1 and domain2 to portfolio # Add domain1 and domain2 to portfolio
DomainInformation.objects.create(creator=cls.user, domain=cls.domain1, portfolio=cls.portfolio) DomainInformation.objects.create(creator=cls.user, domain=cls.domain1, portfolio=cls.portfolio)
DomainInformation.objects.create(creator=cls.user, domain=cls.domain2, portfolio=cls.portfolio) DomainInformation.objects.create(creator=cls.user, domain=cls.domain2, portfolio=cls.portfolio)
DomainInformation.objects.create(creator=cls.user, domain=cls.domain3, portfolio=cls.portfolio) DomainInformation.objects.create(creator=cls.user, domain=cls.domain3, portfolio=cls.portfolio)
DomainInformation.objects.create(creator=cls.user, domain=cls.domain4, portfolio=cls.portfolio)
# Assign user_member to view all domains # Assign user_member to view all domains
UserPortfolioPermission.objects.create( UserPortfolioPermission.objects.create(
@ -70,8 +73,10 @@ class GetPortfolioMemberDomainsJsonTest(TestWithUser, WebTest):
roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN], roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
) )
# Add user_member as manager of domains # Add user_member as manager of domains
UserDomainRole.objects.create(user=cls.user_member, domain=cls.domain1) UserDomainRole.objects.create(user=cls.user_member, domain=cls.domain1, role=UserDomainRole.Roles.MANAGER)
UserDomainRole.objects.create(user=cls.user_member, domain=cls.domain2) UserDomainRole.objects.create(user=cls.user_member, domain=cls.domain2, role=UserDomainRole.Roles.MANAGER)
UserDomainRole.objects.create(user=cls.user_member, domain=cls.domain3, role=UserDomainRole.Roles.MANAGER)
UserDomainRole.objects.create(user=cls.user_no_perms, domain=cls.domain3, role=UserDomainRole.Roles.MANAGER)
# Add an invited member who has been invited to manage domains # Add an invited member who has been invited to manage domains
cls.invited_member_email = "invited@example.com" cls.invited_member_email = "invited@example.com"
@ -123,11 +128,11 @@ class GetPortfolioMemberDomainsJsonTest(TestWithUser, WebTest):
self.assertFalse(data["has_previous"]) self.assertFalse(data["has_previous"])
self.assertFalse(data["has_next"]) self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1) self.assertEqual(data["num_pages"], 1)
self.assertEqual(data["total"], 2) self.assertEqual(data["total"], 3)
self.assertEqual(data["unfiltered_total"], 2) self.assertEqual(data["unfiltered_total"], 3)
# Check the number of domains # Check the number of domains
self.assertEqual(len(data["domains"]), 2) self.assertEqual(len(data["domains"]), 3)
@less_console_noise_decorator @less_console_noise_decorator
@override_flag("organization_feature", active=True) @override_flag("organization_feature", active=True)
@ -169,11 +174,11 @@ class GetPortfolioMemberDomainsJsonTest(TestWithUser, WebTest):
self.assertFalse(data["has_previous"]) self.assertFalse(data["has_previous"])
self.assertFalse(data["has_next"]) self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1) self.assertEqual(data["num_pages"], 1)
self.assertEqual(data["total"], 3) self.assertEqual(data["total"], 4)
self.assertEqual(data["unfiltered_total"], 3) self.assertEqual(data["unfiltered_total"], 4)
# Check the number of domains # Check the number of domains
self.assertEqual(len(data["domains"]), 3) self.assertEqual(len(data["domains"]), 4)
@less_console_noise_decorator @less_console_noise_decorator
@override_flag("organization_feature", active=True) @override_flag("organization_feature", active=True)
@ -192,11 +197,11 @@ class GetPortfolioMemberDomainsJsonTest(TestWithUser, WebTest):
self.assertFalse(data["has_previous"]) self.assertFalse(data["has_previous"])
self.assertFalse(data["has_next"]) self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1) self.assertEqual(data["num_pages"], 1)
self.assertEqual(data["total"], 3) self.assertEqual(data["total"], 4)
self.assertEqual(data["unfiltered_total"], 3) self.assertEqual(data["unfiltered_total"], 4)
# Check the number of domains # Check the number of domains
self.assertEqual(len(data["domains"]), 3) self.assertEqual(len(data["domains"]), 4)
@less_console_noise_decorator @less_console_noise_decorator
@override_flag("organization_feature", active=True) @override_flag("organization_feature", active=True)
@ -221,7 +226,7 @@ class GetPortfolioMemberDomainsJsonTest(TestWithUser, WebTest):
self.assertFalse(data["has_next"]) self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1) self.assertEqual(data["num_pages"], 1)
self.assertEqual(data["total"], 1) self.assertEqual(data["total"], 1)
self.assertEqual(data["unfiltered_total"], 3) self.assertEqual(data["unfiltered_total"], 4)
# Check the number of domains # Check the number of domains
self.assertEqual(len(data["domains"]), 1) self.assertEqual(len(data["domains"]), 1)
@ -249,7 +254,7 @@ class GetPortfolioMemberDomainsJsonTest(TestWithUser, WebTest):
self.assertFalse(data["has_next"]) self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1) self.assertEqual(data["num_pages"], 1)
self.assertEqual(data["total"], 1) self.assertEqual(data["total"], 1)
self.assertEqual(data["unfiltered_total"], 3) self.assertEqual(data["unfiltered_total"], 4)
# Check the number of domains # Check the number of domains
self.assertEqual(len(data["domains"]), 1) self.assertEqual(len(data["domains"]), 1)
@ -278,11 +283,11 @@ class GetPortfolioMemberDomainsJsonTest(TestWithUser, WebTest):
self.assertFalse(data["has_previous"]) self.assertFalse(data["has_previous"])
self.assertFalse(data["has_next"]) self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1) self.assertEqual(data["num_pages"], 1)
self.assertEqual(data["total"], 3) self.assertEqual(data["total"], 4)
self.assertEqual(data["unfiltered_total"], 3) self.assertEqual(data["unfiltered_total"], 4)
# Check the number of domains # Check the number of domains
self.assertEqual(len(data["domains"]), 3) self.assertEqual(len(data["domains"]), 4)
# Check the name of the first domain is example1.com # Check the name of the first domain is example1.com
self.assertEqual(data["domains"][0]["name"], "example1.com") self.assertEqual(data["domains"][0]["name"], "example1.com")
@ -306,14 +311,121 @@ class GetPortfolioMemberDomainsJsonTest(TestWithUser, WebTest):
self.assertFalse(data["has_previous"]) self.assertFalse(data["has_previous"])
self.assertFalse(data["has_next"]) self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1) self.assertEqual(data["num_pages"], 1)
self.assertEqual(data["total"], 3) self.assertEqual(data["total"], 4)
self.assertEqual(data["unfiltered_total"], 3) self.assertEqual(data["unfiltered_total"], 4)
# Check the number of domains # Check the number of domains
self.assertEqual(len(data["domains"]), 3) self.assertEqual(len(data["domains"]), 4)
# Check the name of the first domain is example1.com # Check the name of the first domain is example1.com
self.assertEqual(data["domains"][0]["name"], "example3.com") self.assertEqual(data["domains"][0]["name"], "example4.com")
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_get_portfolio_member_domains_json_authenticated_sort_by_checked(self):
"""Test that sort returns results in correct order."""
# Test by checked in ascending order
response = self.app.get(
reverse("get_member_domains_json"),
params={
"portfolio": self.portfolio.id,
"email": self.user_member.id,
"member_only": "false",
"checkedDomainIds": f"{self.domain2.id},{self.domain3.id}",
"sort_by": "checked",
"order": "asc",
},
)
self.assertEqual(response.status_code, 200)
data = response.json
# Check pagination info
self.assertEqual(data["page"], 1)
self.assertFalse(data["has_previous"])
self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1)
self.assertEqual(data["total"], 4)
self.assertEqual(data["unfiltered_total"], 4)
# Check the number of domains
self.assertEqual(len(data["domains"]), 4)
# Check the name of the first domain is the first unchecked domain sorted alphabetically
self.assertEqual(data["domains"][0]["name"], "example1.com")
self.assertEqual(data["domains"][1]["name"], "example4.com")
# Test by checked in descending order
response = self.app.get(
reverse("get_member_domains_json"),
params={
"portfolio": self.portfolio.id,
"email": self.user_member.id,
"member_only": "false",
"checkedDomainIds": f"{self.domain2.id},{self.domain3.id}",
"sort_by": "checked",
"order": "desc",
},
)
self.assertEqual(response.status_code, 200)
data = response.json
# Check pagination info
self.assertEqual(data["page"], 1)
self.assertFalse(data["has_previous"])
self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1)
self.assertEqual(data["total"], 4)
self.assertEqual(data["unfiltered_total"], 4)
# Check the number of domains
self.assertEqual(len(data["domains"]), 4)
# Check the name of the first domain is the first checked domain sorted alphabetically
self.assertEqual(data["domains"][0]["name"], "example2.com")
self.assertEqual(data["domains"][1]["name"], "example3.com")
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_get_portfolio_member_domains_json_authenticated_member_is_only_manager(self):
"""Test that sort returns member_is_only_manager when member_domain_role_exists
and member_domain_role_count == 1"""
response = self.app.get(
reverse("get_member_domains_json"),
params={
"portfolio": self.portfolio.id,
"member_id": self.user_member.id,
"member_only": "false",
"sort_by": "name",
"order": "asc",
},
)
self.assertEqual(response.status_code, 200)
data = response.json
# Check pagination info
self.assertEqual(data["page"], 1)
self.assertFalse(data["has_previous"])
self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1)
self.assertEqual(data["total"], 4)
self.assertEqual(data["unfiltered_total"], 4)
# Check the number of domains
self.assertEqual(len(data["domains"]), 4)
self.assertEqual(data["domains"][0]["name"], "example1.com")
self.assertEqual(data["domains"][1]["name"], "example2.com")
self.assertEqual(data["domains"][2]["name"], "example3.com")
self.assertEqual(data["domains"][3]["name"], "example4.com")
self.assertEqual(data["domains"][0]["member_is_only_manager"], True)
self.assertEqual(data["domains"][1]["member_is_only_manager"], True)
# domain3 has 2 managers
self.assertEqual(data["domains"][2]["member_is_only_manager"], False)
# no managers on this one
self.assertEqual(data["domains"][3]["member_is_only_manager"], False)
@less_console_noise_decorator @less_console_noise_decorator
@override_flag("organization_feature", active=True) @override_flag("organization_feature", active=True)
@ -339,11 +451,11 @@ class GetPortfolioMemberDomainsJsonTest(TestWithUser, WebTest):
self.assertFalse(data["has_previous"]) self.assertFalse(data["has_previous"])
self.assertFalse(data["has_next"]) self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1) self.assertEqual(data["num_pages"], 1)
self.assertEqual(data["total"], 3) self.assertEqual(data["total"], 4)
self.assertEqual(data["unfiltered_total"], 3) self.assertEqual(data["unfiltered_total"], 4)
# Check the number of domains # Check the number of domains
self.assertEqual(len(data["domains"]), 3) self.assertEqual(len(data["domains"]), 4)
# Check the name of the first domain is example1.com # Check the name of the first domain is example1.com
self.assertEqual(data["domains"][0]["name"], "example1.com") self.assertEqual(data["domains"][0]["name"], "example1.com")
@ -367,14 +479,79 @@ class GetPortfolioMemberDomainsJsonTest(TestWithUser, WebTest):
self.assertFalse(data["has_previous"]) self.assertFalse(data["has_previous"])
self.assertFalse(data["has_next"]) self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1) self.assertEqual(data["num_pages"], 1)
self.assertEqual(data["total"], 3) self.assertEqual(data["total"], 4)
self.assertEqual(data["unfiltered_total"], 3) self.assertEqual(data["unfiltered_total"], 4)
# Check the number of domains # Check the number of domains
self.assertEqual(len(data["domains"]), 3) self.assertEqual(len(data["domains"]), 4)
# Check the name of the first domain is example1.com # Check the name of the first domain is example1.com
self.assertEqual(data["domains"][0]["name"], "example3.com") self.assertEqual(data["domains"][0]["name"], "example4.com")
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_get_portfolio_invitedmember_domains_json_authenticated_sort_by_checked(self):
"""Test that sort returns results in correct order."""
# Test by checked in ascending order
response = self.app.get(
reverse("get_member_domains_json"),
params={
"portfolio": self.portfolio.id,
"email": self.invited_member_email,
"member_only": "false",
"checkedDomainIds": f"{self.domain2.id},{self.domain3.id}",
"sort_by": "checked",
"order": "asc",
},
)
self.assertEqual(response.status_code, 200)
data = response.json
# Check pagination info
self.assertEqual(data["page"], 1)
self.assertFalse(data["has_previous"])
self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1)
self.assertEqual(data["total"], 4)
self.assertEqual(data["unfiltered_total"], 4)
# Check the number of domains
self.assertEqual(len(data["domains"]), 4)
# Check the name of the first domain is the first unchecked domain sorted alphabetically
self.assertEqual(data["domains"][0]["name"], "example1.com")
self.assertEqual(data["domains"][1]["name"], "example4.com")
# Test by checked in descending order
response = self.app.get(
reverse("get_member_domains_json"),
params={
"portfolio": self.portfolio.id,
"email": self.invited_member_email,
"member_only": "false",
"checkedDomainIds": f"{self.domain2.id},{self.domain3.id}",
"sort_by": "checked",
"order": "desc",
},
)
self.assertEqual(response.status_code, 200)
data = response.json
# Check pagination info
self.assertEqual(data["page"], 1)
self.assertFalse(data["has_previous"])
self.assertFalse(data["has_next"])
self.assertEqual(data["num_pages"], 1)
self.assertEqual(data["total"], 4)
self.assertEqual(data["unfiltered_total"], 4)
# Check the number of domains
self.assertEqual(len(data["domains"]), 4)
# Check the name of the first domain is the first checked domain sorted alphabetically
self.assertEqual(data["domains"][0]["name"], "example2.com")
self.assertEqual(data["domains"][1]["name"], "example3.com")
@less_console_noise_decorator @less_console_noise_decorator
@override_flag("organization_feature", active=True) @override_flag("organization_feature", active=True)

278
src/registrar/tests/test_views_portfolio.py
View file

@ -2102,6 +2102,127 @@ class TestPortfolioInvitedMemberDomainsView(TestWithUser, WebTest):
self.assertEqual(response.status_code, 404) self.assertEqual(response.status_code, 404)
class TestPortfolioMemberDomainsEditView(TestPortfolioMemberDomainsView):
@classmethod
def setUpClass(cls):
super().setUpClass()
@classmethod
def tearDownClass(cls):
super().tearDownClass()
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_member_domains_edit_authenticated(self):
"""Tests that the portfolio member domains edit view is accessible."""
self.client.force_login(self.user)
response = self.client.get(reverse("member-domains-edit", kwargs={"pk": self.permission.id}))
# Make sure the page loaded, and that we're on the right page
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.user_member.email)
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_member_domains_edit_no_perms(self):
"""Tests that the portfolio member domains edit view is not accessible to user with no perms."""
self.client.force_login(self.user_no_perms)
response = self.client.get(reverse("member-domains-edit", kwargs={"pk": self.permission.id}))
# Make sure the request returns forbidden
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_member_domains_edit_unauthenticated(self):
"""Tests that the portfolio member domains edit view is not accessible when no authenticated user."""
self.client.logout()
response = self.client.get(reverse("member-domains-edit", kwargs={"pk": self.permission.id}))
# Make sure the request returns redirect to openid login
self.assertEqual(response.status_code, 302) # Redirect to openid login
self.assertIn("/openid/login", response.url)
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_member_domains_edit_not_found(self):
"""Tests that the portfolio member domains edit view returns not found if user
portfolio permission not found."""
self.client.force_login(self.user)
response = self.client.get(reverse("member-domains-edit", kwargs={"pk": "0"}))
# Make sure the response is not found
self.assertEqual(response.status_code, 404)
class TestPortfolioInvitedMemberEditDomainsView(TestPortfolioInvitedMemberDomainsView):
@classmethod
def setUpClass(cls):
super().setUpClass()
@classmethod
def tearDownClass(cls):
super().tearDownClass()
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_invitedmember_domains_edit_authenticated(self):
"""Tests that the portfolio invited member domains edit view is accessible."""
self.client.force_login(self.user)
response = self.client.get(reverse("invitedmember-domains-edit", kwargs={"pk": self.invitation.id}))
# Make sure the page loaded, and that we're on the right page
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.invited_member_email)
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_invitedmember_domains_edit_no_perms(self):
"""Tests that the portfolio invited member domains edit view is not accessible to user with no perms."""
self.client.force_login(self.user_no_perms)
response = self.client.get(reverse("invitedmember-domains-edit", kwargs={"pk": self.invitation.id}))
# Make sure the request returns forbidden
self.assertEqual(response.status_code, 403)
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_invitedmember_domains_edit_unauthenticated(self):
"""Tests that the portfolio invited member domains edit view is not accessible when no authenticated user."""
self.client.logout()
response = self.client.get(reverse("invitedmember-domains-edit", kwargs={"pk": self.invitation.id}))
# Make sure the request returns redirect to openid login
self.assertEqual(response.status_code, 302) # Redirect to openid login
self.assertIn("/openid/login", response.url)
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_member_domains_edit_not_found(self):
"""Tests that the portfolio invited member domains edit view returns not found if user is not a member."""
self.client.force_login(self.user)
response = self.client.get(reverse("invitedmember-domains-edit", kwargs={"pk": "0"}))
# Make sure the response is not found
self.assertEqual(response.status_code, 404)
class TestRequestingEntity(WebTest): class TestRequestingEntity(WebTest):
"""The requesting entity page is a domain request form that only exists """The requesting entity page is a domain request form that only exists
within the context of a portfolio.""" within the context of a portfolio."""
@ -2521,3 +2642,160 @@ class TestPortfolioInviteNewMemberView(TestWithUser, WebTest):
# Validate Database has not changed # Validate Database has not changed
invite_count_after = PortfolioInvitation.objects.count() invite_count_after = PortfolioInvitation.objects.count()
self.assertEqual(invite_count_after, invite_count_before) self.assertEqual(invite_count_after, invite_count_before)
class TestEditPortfolioMemberView(WebTest):
"""Tests for the edit member page on portfolios"""
def setUp(self):
self.user = create_user()
# Create Portfolio
self.portfolio = Portfolio.objects.create(creator=self.user, organization_name="Test Portfolio")
# Add an invited member who has been invited to manage domains
self.invited_member_email = "invited@example.com"
self.invitation = PortfolioInvitation.objects.create(
email=self.invited_member_email,
portfolio=self.portfolio,
roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER],
additional_permissions=[
UserPortfolioPermissionChoices.VIEW_MEMBERS,
],
)
# Assign permissions to the user making requests
UserPortfolioPermission.objects.create(
user=self.user,
portfolio=self.portfolio,
roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
additional_permissions=[
UserPortfolioPermissionChoices.VIEW_MEMBERS,
UserPortfolioPermissionChoices.EDIT_MEMBERS,
],
)
def tearDown(self):
PortfolioInvitation.objects.all().delete()
UserPortfolioPermission.objects.all().delete()
Portfolio.objects.all().delete()
User.objects.all().delete()
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_edit_member_permissions_basic_to_admin(self):
"""Tests converting a basic member to admin with full permissions."""
self.client.force_login(self.user)
# Create a basic member to edit
basic_member = create_test_user()
basic_permission = UserPortfolioPermission.objects.create(
user=basic_member,
portfolio=self.portfolio,
roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER],
additional_permissions=[UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS],
)
response = self.client.post(
reverse("member-permissions", kwargs={"pk": basic_permission.id}),
{
"role": UserPortfolioRoleChoices.ORGANIZATION_ADMIN,
"domain_request_permission_admin": UserPortfolioPermissionChoices.EDIT_REQUESTS,
"member_permission_admin": UserPortfolioPermissionChoices.EDIT_MEMBERS,
},
)
# Verify redirect and success message
self.assertEqual(response.status_code, 302)
# Verify database changes
basic_permission.refresh_from_db()
self.assertEqual(basic_permission.roles, [UserPortfolioRoleChoices.ORGANIZATION_ADMIN])
self.assertEqual(
set(basic_permission.additional_permissions),
{
UserPortfolioPermissionChoices.EDIT_REQUESTS,
UserPortfolioPermissionChoices.EDIT_MEMBERS,
},
)
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_edit_member_permissions_validation(self):
"""Tests form validation for required fields based on role."""
self.client.force_login(self.user)
member = create_test_user()
permission = UserPortfolioPermission.objects.create(
user=member, portfolio=self.portfolio, roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER]
)
# Test missing required admin permissions
response = self.client.post(
reverse("member-permissions", kwargs={"pk": permission.id}),
{
"role": UserPortfolioRoleChoices.ORGANIZATION_ADMIN,
# Missing required admin fields
},
)
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.context["form"].errors["domain_request_permission_admin"][0],
"Admin domain request permission is required",
)
self.assertEqual(
response.context["form"].errors["member_permission_admin"][0], "Admin member permission is required"
)
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_edit_invited_member_permissions(self):
"""Tests editing permissions for an invited (but not yet joined) member."""
self.client.force_login(self.user)
# Test updating invitation permissions
response = self.client.post(
reverse("invitedmember-permissions", kwargs={"pk": self.invitation.id}),
{
"role": UserPortfolioRoleChoices.ORGANIZATION_ADMIN,
"domain_request_permission_admin": UserPortfolioPermissionChoices.EDIT_REQUESTS,
"member_permission_admin": UserPortfolioPermissionChoices.EDIT_MEMBERS,
},
)
self.assertEqual(response.status_code, 302)
# Verify invitation was updated
updated_invitation = PortfolioInvitation.objects.get(pk=self.invitation.id)
self.assertEqual(updated_invitation.roles, [UserPortfolioRoleChoices.ORGANIZATION_ADMIN])
self.assertEqual(
set(updated_invitation.additional_permissions),
{
UserPortfolioPermissionChoices.EDIT_REQUESTS,
UserPortfolioPermissionChoices.EDIT_MEMBERS,
},
)
@less_console_noise_decorator
@override_flag("organization_feature", active=True)
@override_flag("organization_members", active=True)
def test_admin_removing_own_admin_role(self):
"""Tests an admin removing their own admin role redirects to home."""
self.client.force_login(self.user)
# Get the user's admin permission
admin_permission = UserPortfolioPermission.objects.get(user=self.user, portfolio=self.portfolio)
response = self.client.post(
reverse("member-permissions", kwargs={"pk": admin_permission.id}),
{
"role": UserPortfolioRoleChoices.ORGANIZATION_MEMBER,
"domain_request_permission_member": UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS,
},
)
self.assertEqual(response.status_code, 302)
self.assertEqual(response["Location"], reverse("home"))

72
src/registrar/views/member_domains_json.py
View file

@ -1,4 +1,5 @@
import logging import logging
from django.db import models
from django.http import JsonResponse from django.http import JsonResponse
from django.core.paginator import Paginator from django.core.paginator import Paginator
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
@ -28,11 +29,12 @@ class PortfolioMemberDomainsJson(PortfolioMemberDomainsPermission, View):
objects = self.apply_search(objects, request) objects = self.apply_search(objects, request)
objects = self.apply_sorting(objects, request) objects = self.apply_sorting(objects, request)
paginator = Paginator(objects, 10) paginator = Paginator(objects, self.get_page_size(request))
page_number = request.GET.get("page") page_number = request.GET.get("page")
page_obj = paginator.get_page(page_number) page_obj = paginator.get_page(page_number)
domains = [self.serialize_domain(domain, request.user) for domain in page_obj.object_list] member_id = request.GET.get("member_id")
domains = [self.serialize_domain(domain, member_id, request.user) for domain in page_obj.object_list]
return JsonResponse( return JsonResponse(
{ {
@ -46,6 +48,23 @@ class PortfolioMemberDomainsJson(PortfolioMemberDomainsPermission, View):
} }
) )
def get_page_size(self, request):
"""Gets the page size.
If member_only, need to return the entire result set every time, so need
to set to a very large page size. If not member_only, this can be adjusted
to provide a smaller page size"""
member_only = request.GET.get("member_only", "false").lower() in ["true", "1"]
if member_only:
# This number needs to remain very high as the entire result set
# must be returned when member_only
return 1000
else:
# This number can be adjusted if we want to add pagination to the result page
# later
return 1000
def get_domain_ids_from_request(self, request): def get_domain_ids_from_request(self, request):
"""Get domain ids from request. """Get domain ids from request.
@ -86,13 +105,41 @@ class PortfolioMemberDomainsJson(PortfolioMemberDomainsPermission, View):
return queryset return queryset
def apply_sorting(self, queryset, request): def apply_sorting(self, queryset, request):
# Get the sorting parameters from the request
sort_by = request.GET.get("sort_by", "name") sort_by = request.GET.get("sort_by", "name")
order = request.GET.get("order", "asc") order = request.GET.get("order", "asc")
if order == "desc": # Sort by 'checked' if specified, otherwise by the given field
sort_by = f"-{sort_by}" if sort_by == "checked":
return queryset.order_by(sort_by) # Get list of checked ids from the request
checked_ids = request.GET.get("checkedDomainIds")
if checked_ids:
# Split the comma-separated string into a list of integers
checked_ids = [int(id.strip()) for id in checked_ids.split(",") if id.strip().isdigit()]
else:
# If no value is passed, set checked_ids to an empty list
checked_ids = []
# Annotate each object with a 'checked' value based on whether its ID is in checkedIds
queryset = queryset.annotate(
checked=models.Case(
models.When(id__in=checked_ids, then=models.Value(True)),
default=models.Value(False),
output_field=models.BooleanField(),
)
)
# Add ordering logic for 'checked'
if order == "desc":
queryset = queryset.order_by("-checked", "name")
else:
queryset = queryset.order_by("checked", "name")
else:
# Handle other fields as normal
if order == "desc":
sort_by = f"-{sort_by}"
queryset = queryset.order_by(sort_by)
def serialize_domain(self, domain, user): return queryset
def serialize_domain(self, domain, member_id, user):
suborganization_name = None suborganization_name = None
try: try:
domain_info = domain.domain_info domain_info = domain.domain_info
@ -107,9 +154,22 @@ class PortfolioMemberDomainsJson(PortfolioMemberDomainsPermission, View):
# Check if there is a UserDomainRole for this domain and user # Check if there is a UserDomainRole for this domain and user
user_domain_role_exists = UserDomainRole.objects.filter(domain_id=domain.id, user=user).exists() user_domain_role_exists = UserDomainRole.objects.filter(domain_id=domain.id, user=user).exists()
view_only = not user_domain_role_exists or domain.state in [Domain.State.DELETED, Domain.State.ON_HOLD] view_only = not user_domain_role_exists or domain.state in [Domain.State.DELETED, Domain.State.ON_HOLD]
# Check if the specified member is the only member assigned as manager of domain
only_member_assigned_to_domain = False
if member_id:
member_domain_role_count = UserDomainRole.objects.filter(
domain_id=domain.id, role=UserDomainRole.Roles.MANAGER
).count()
member_domain_role_exists = UserDomainRole.objects.filter(
domain_id=domain.id, user_id=member_id, role=UserDomainRole.Roles.MANAGER
).exists()
only_member_assigned_to_domain = member_domain_role_exists and member_domain_role_count == 1
return { return {
"id": domain.id, "id": domain.id,
"name": domain.name, "name": domain.name,
"member_is_only_manager": only_member_assigned_to_domain,
"expiration_date": domain.expiration_date, "expiration_date": domain.expiration_date,
"state": domain.state, "state": domain.state,
"state_display": domain.state_display(), "state_display": domain.state_display(),

51
src/registrar/views/portfolios.py
View file

@ -6,7 +6,6 @@ from django.shortcuts import get_object_or_404, redirect, render
from django.urls import reverse from django.urls import reverse
from django.utils.safestring import mark_safe from django.utils.safestring import mark_safe
from django.contrib import messages from django.contrib import messages
from registrar.forms import portfolio as portfolioForms from registrar.forms import portfolio as portfolioForms
from registrar.models import Portfolio, User from registrar.models import Portfolio, User
from registrar.models.portfolio_invitation import PortfolioInvitation from registrar.models.portfolio_invitation import PortfolioInvitation
@ -22,6 +21,7 @@ from registrar.views.utility.permission_views import (
PortfolioBasePermissionView, PortfolioBasePermissionView,
NoPortfolioDomainsPermissionView, NoPortfolioDomainsPermissionView,
PortfolioMemberDomainsPermissionView, PortfolioMemberDomainsPermissionView,
PortfolioMemberDomainsEditPermissionView,
PortfolioMemberEditPermissionView, PortfolioMemberEditPermissionView,
PortfolioMemberPermissionView, PortfolioMemberPermissionView,
PortfolioMembersPermissionView, PortfolioMembersPermissionView,
@ -165,12 +165,17 @@ class PortfolioMemberEditView(PortfolioMemberEditPermissionView, View):
def post(self, request, pk): def post(self, request, pk):
portfolio_permission = get_object_or_404(UserPortfolioPermission, pk=pk) portfolio_permission = get_object_or_404(UserPortfolioPermission, pk=pk)
user = portfolio_permission.user user = portfolio_permission.user
form = self.form_class(request.POST, instance=portfolio_permission) form = self.form_class(request.POST, instance=portfolio_permission)
if form.is_valid(): if form.is_valid():
# Check if user is removing their own admin or edit role
removing_admin_role_on_self = (
request.user == user
and UserPortfolioRoleChoices.ORGANIZATION_ADMIN in portfolio_permission.roles
and UserPortfolioRoleChoices.ORGANIZATION_ADMIN not in form.cleaned_data.get("role", [])
)
form.save() form.save()
return redirect("member", pk=pk) messages.success(self.request, "The member access and permission changes have been saved.")
return redirect("member", pk=pk) if not removing_admin_role_on_self else redirect("home")
return render( return render(
request, request,
@ -200,6 +205,24 @@ class PortfolioMemberDomainsView(PortfolioMemberDomainsPermissionView, View):
) )
class PortfolioMemberDomainsEditView(PortfolioMemberDomainsEditPermissionView, View):
template_name = "portfolio_member_domains_edit.html"
def get(self, request, pk):
portfolio_permission = get_object_or_404(UserPortfolioPermission, pk=pk)
member = portfolio_permission.user
return render(
request,
self.template_name,
{
"portfolio_permission": portfolio_permission,
"member": member,
},
)
class PortfolioInvitedMemberView(PortfolioMemberPermissionView, View): class PortfolioInvitedMemberView(PortfolioMemberPermissionView, View):
template_name = "portfolio_member.html" template_name = "portfolio_member.html"
@ -265,6 +288,7 @@ class PortfolioInvitedMemberEditView(PortfolioMemberEditPermissionView, View):
def get(self, request, pk): def get(self, request, pk):
portfolio_invitation = get_object_or_404(PortfolioInvitation, pk=pk) portfolio_invitation = get_object_or_404(PortfolioInvitation, pk=pk)
logger.info(portfolio_invitation)
form = self.form_class(instance=portfolio_invitation) form = self.form_class(instance=portfolio_invitation)
return render( return render(
@ -275,12 +299,13 @@ class PortfolioInvitedMemberEditView(PortfolioMemberEditPermissionView, View):
"invitation": portfolio_invitation, "invitation": portfolio_invitation,
}, },
) )
def post(self, request, pk): def post(self, request, pk):
portfolio_invitation = get_object_or_404(PortfolioInvitation, pk=pk) portfolio_invitation = get_object_or_404(PortfolioInvitation, pk=pk)
form = self.form_class(request.POST, instance=portfolio_invitation) form = self.form_class(request.POST, instance=portfolio_invitation)
if form.is_valid(): if form.is_valid():
form.save() form.save()
messages.success(self.request, "The member access and permission changes have been saved.")
return redirect("invitedmember", pk=pk) return redirect("invitedmember", pk=pk)
return render( return render(
@ -309,6 +334,22 @@ class PortfolioInvitedMemberDomainsView(PortfolioMemberDomainsPermissionView, Vi
) )
class PortfolioInvitedMemberDomainsEditView(PortfolioMemberDomainsEditPermissionView, View):
template_name = "portfolio_member_domains_edit.html"
def get(self, request, pk):
portfolio_invitation = get_object_or_404(PortfolioInvitation, pk=pk)
return render(
request,
self.template_name,
{
"portfolio_invitation": portfolio_invitation,
},
)
class PortfolioNoDomainsView(NoPortfolioDomainsPermissionView, View): class PortfolioNoDomainsView(NoPortfolioDomainsPermissionView, View):
"""Some users have access to the underlying portfolio, but not any domains. """Some users have access to the underlying portfolio, but not any domains.
This is a custom view which explains that to the user - and denotes who to contact. This is a custom view which explains that to the user - and denotes who to contact.

17
src/registrar/views/utility/mixins.py
View file

@ -572,3 +572,20 @@ class PortfolioMemberDomainsPermission(PortfolioBasePermission):
return False return False
return super().has_permission() return super().has_permission()
class PortfolioMemberDomainsEditPermission(PortfolioBasePermission):
"""Permission mixin that allows access to portfolio member or invited member domains edit pages if user
has access to edit, otherwise 403"""
def has_permission(self):
"""Check if this user has access to member or invited member domains for this portfolio.
The user is in self.request.user and the portfolio can be looked
up from the portfolio's primary key in self.kwargs["pk"]"""
portfolio = self.request.session.get("portfolio")
if not self.request.user.has_edit_members_portfolio_permission(portfolio):
return False
return super().has_permission()

11
src/registrar/views/utility/permission_views.py
View file

@ -16,6 +16,7 @@ from .mixins import (
PortfolioDomainRequestsPermission, PortfolioDomainRequestsPermission,
PortfolioDomainsPermission, PortfolioDomainsPermission,
PortfolioMemberDomainsPermission, PortfolioMemberDomainsPermission,
PortfolioMemberDomainsEditPermission,
PortfolioMemberEditPermission, PortfolioMemberEditPermission,
UserDeleteDomainRolePermission, UserDeleteDomainRolePermission,
UserProfilePermission, UserProfilePermission,
@ -279,3 +280,13 @@ class PortfolioMemberDomainsPermissionView(PortfolioMemberDomainsPermission, Por
This abstract view cannot be instantiated. Actual views must specify This abstract view cannot be instantiated. Actual views must specify
`template_name`. `template_name`.
""" """
class PortfolioMemberDomainsEditPermissionView(
PortfolioMemberDomainsEditPermission, PortfolioBasePermissionView, abc.ABC
):
"""Abstract base view for portfolio member domains edit views that enforces permissions.
This abstract view cannot be instantiated. Actual views must specify
`template_name`.
"""

1
src/zap.conf
View file

@ -70,6 +70,7 @@
10038 OUTOFSCOPE http://app:8080/org-name-address 10038 OUTOFSCOPE http://app:8080/org-name-address
10038 OUTOFSCOPE http://app:8080/domain_requests/ 10038 OUTOFSCOPE http://app:8080/domain_requests/
10038 OUTOFSCOPE http://app:8080/domains/ 10038 OUTOFSCOPE http://app:8080/domains/
10038 OUTOFSCOPE http://app:8080/domains/edit
10038 OUTOFSCOPE http://app:8080/organization/ 10038 OUTOFSCOPE http://app:8080/organization/
10038 OUTOFSCOPE http://app:8080/permissions 10038 OUTOFSCOPE http://app:8080/permissions
10038 OUTOFSCOPE http://app:8080/suborganization/ 10038 OUTOFSCOPE http://app:8080/suborganization/